Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: General --> Category: infos

osCommerce Malformed Session ID XSS Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Detect osCommerce Malformed Session ID XSS

Detailed Explanation for this Vulnerability Test

osCommerce is an online shop e-commerce solution under on going development
by the open source community. Its feature packed out-of-the-box installation
allows store owners to setup, run, and maintain their online stores with
minimum effort and with absolutely no costs or license fees involved.

osCommerce is vulnerable to a XSS flaw. The flaw can be exploited when a
malicious user passes a malformed session ID to URI.

Solution :
This is the response from the developer. To fix the issue, the $_sid parameter
needs to be wrapped around tep_output_string() in the tep_href_link() function
defined in includes/functions/html_output.php.

if (isset($_sid)) {
$link .= $separator . $_sid


if (isset($_sid)) {
$link .= $separator . tep_output_string($_sid)


osCommerce 2.2 Milestone 3 will redirect the user to the index page when
a malformed session ID is used, so that a new session ID can be generated.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.