GulfTech Computers - Professional Computer Services  
Additional Links
-> Dicussion Forum
-> Encryption Tools
-> Information Tools
-> Net Info Tools
-> Latest Advisories
-> Latest Vulns
-> Latest Win Software
-> Latest Nix Software
-> Security News
-> Security Press
Recent News

GulfTech Computers strives to beat the price(s) of any other business around. Check with us first as it just may save you some time and money. And who doesn't want to save money? Please contact us with any questions or inquiries.

Latest GulfTech Releases

SubScan v1.2 Scans a domain for DNS records and SubDomains. Very stealthy, and can be used to find many hosts not on the public netblock. A very interesting tool to say the least. Works on both Nix and Windows based systems. Get it now!

Download SubScan v1.2

Search GulfTech
You can use the form below to search our site. Just enter the keyword or keywords to search.
Latest Advisories
Conectiva Linux Security Announcement - apache (CLA-2004:857)
OpenPKG Security Advisory - cvstrac (OpenPKG-SA-2004.036)
SUSE Security Announcement - kernel (SUSE-SA:2004:024)
Trustix Secure Linux Security Advisory -kernel (#2004-0041)
Gentoo Linux Security Advisory - Opera: Multiple new vulnerabilities (GLSA 200408-05)
Latest Vulnerabilities
Moodle post.php Cross Site Scripting Vulnerability
Page.cgi Remote Command Execution Vulnerability
Opera 7.53 Multiple Vulnerabilities
CVStrac Remote Arbitrary Code Execution Vulnerability
Thompson SpeedTouch Home ADSL Modem Predictable TCP ISN Generation
Latest Security News
Attacking the phishing threat - what every company needs to know
Wi-Fi security doesn't have to mean slow
HNS Newsletter issue 225 has been released
Big business becoming Big Brother
Examining the new Linux+ certification















osCommerce Malformed Session ID XSS Vulnerability
December 17, 2021


Vendor : osCommerce
URL : http://www.oscommerce.com
Version : All Currently Available Versions
Risk : Cross Site Scripting
BID : http://www.securityfocus.com/bid/9238


Description:
osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners to setup, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved.


Problem:
osCommerce is vulnerable to a XSS flaw. The flaw can be exploited when a malicious user passes a malformed session ID to URI. Below is an example of the flaw.

https://path/?osCsid="><iframe src=http://www.gulftech.org></iframe>

This condition seems to affect only secure https connections, but was convirmed by the developers to affect regular http connections in the current CVS version of osCommerce.


Solution:
This is the response from the developer.

To fix the issue, the $_sid parameter needs to be wrapped around tep_output_string() in the tep_href_link() function defined in includes/functions/html_output.php.

Before:

if (isset($_sid)) { $link .= $separator . $_sid; }

After:

if (isset($_sid)) { $link .= $separator . tep_output_string($_sid); }

osCommerce 2.2 Milestone 3 will redirect the user to the index page when a malformed session ID is used, so that a new session ID can be generated.


Credits:
Credits go to JeiAr of the GulfTech Security Research Team.






© Copyright 2002 - GulfTech Computers, All Rights Reserved
Contact GulfTech Computers