Cross Site Scripting Security Question


Ok so I have failed my site scanner test due to being prone to Cross Site Scripting. I get the following:

Risk Factor:

Medium / CVSS Base Score : 4.3(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Solution:

Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

Output:

Using the GET HTTP method, Site Scanner found that :

+ The following resources may be vulnerable to cross-site scripting (comprehensive test) :

+ The 'contact_name' parameter of the /tienda/es/accesorios/60-salveque-volcom-com-fusion.html CGI :

/tienda/es/accesorios/60-salveque-volcom-com-fusion.html?contact_name=<<

<<<<<<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] on.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/zapatos/118-supra-ellington-avenger.html CGI :

/tienda/es/zapatos/118-supra-ellington-avenger.html?contact_name=<<<<<<<

<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] er.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/bolsos/119-bolso-mensajero-aeroportale.html CGI :

/tienda/es/bolsos/119-bolso-mensajero-aeroportale.html?contact_name=<<<<

<<<<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] le.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/bufandas/68-bufanda-tejida-hollister.html CGI :

/tienda/es/bufandas/68-bufanda-tejida-hollister.html?contact_name=<<<<<<

<<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] er.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/abrigos/52-abrigo-con-gorro-volcom.html CGI :

/tienda/es/abrigos/52-abrigo-con-gorro-volcom.html?contact_name=<<<<<<<<

<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] om.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/20-reloj-guess-faja-de-cuero.html CGI :

/tienda/es/20-reloj-guess-faja-de-cuero.html?contact_name=<<<<<<<<<<foo"

bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] ro.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/48-chaleco-aeropostale.html CGI :

/tienda/es/48-chaleco-aeropostale.html?contact_name=<<<<<<<<<<foo"bar'20

4>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] le.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/gorras/93-gorra-fox-de-malla.html CGI :

/tienda/es/gorras/93-gorra-fox-de-malla.html?contact_name=<<<<<<<<<<foo"

bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] la.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/cabello/11-plancha-de-titanio-babyliss.html CGI :

/tienda/es/cabello/11-plancha-de-titanio-babyliss.html?contact_name=<<<<

<<<<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] ss.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'add' parameter of the /tienda/cart.php CGI :

/tienda/cart.php?add=<<<<<<<<<<foo"bar'204>>>>>&token=cd4e2275d94d4b5d51

2f4d9101fe7d16&id_product=106&qty=1

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] /tienda/cart.php?add=<<<<<<<<<<foo"bar'204>>>>>&token=cd4e2275d94d4b5d512 [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'contact_name' parameter of the /tienda/es/reproductores/88-mp3-sumergible-de-4gb.html CGI :

/tienda/es/reproductores/88-mp3-sumergible-de-4gb.html?contact_name=<<<<

<<<<<<foo"bar'204>>>>>

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] gb.html?contact_name=<<<<<<<<<<foo"bar'204>>>>>"/></head><body id="produc [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

+ The 'customer_email' parameter of the /tienda/es/carro-de-la-compra CGI :

/tienda/es/carro-de-la-compra?customer_email=<<<<<<<<<<foo"bar'204>>>>>&

Submit=Agregar%20al%20Carrito&add=1&token=cd4e2275d94d4b5d512f4d9101fe7d

16&id_product=100&qty=1&group_2=97&id_product_attribute=&group_4=35&dele

te=&ipa=0&group_5=76

-------- output --------

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.o [...]

var baseDir='http://tivicr.com/tienda/';var static_token='cd4e2275 [...]

[...] ompra?customer_email=<<<<<<<<<<foo"bar'204>>>>>&Submit=Agregar%20al%20Car [...]

function tryToCloseInstantSearch(){if($('#old_center_column').length>0)

{$('#center_column').remove();$('#old_center_column').attr('id','c [...]

------------------------

Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:87, CWE:85, CWE:86, CWE:84

Anyone? Any clue? Thanks!


Hi tivicrdotcom,

I passed this along to a security expert on our development team, and he says it does not appear to be an issue with PrestaShop's software. However, we would be happy to take a deeper look into this for you to try to identify what is actually leading to this error in order to help you resolve this.

Can you please PM me with any information you have, such as your URL, specific tests you ran and anything else that would help us replicate this output? On our end, we got something different, although it still doesn't appear to be a software-related issue.

-Mike
