oss-sec mailing list archives
Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities
From: cve-assign () mitre org
Date: Mon, 2 Mar 2015 14:44:00 -0500 (EST)
Reflecting XSS-vulnerabilities can be found in a common Zeuscart-installation in the following locations
Use CVE-2015-2182.
The SQL injection-vulnerabilities can be found in the administrative backend of Zeuscart v. 4
We did not completely understand this part of the vendor interaction:

  https://github.com/ZeusCart/zeuscart/issues/28#issuecomment-72829334
  https://github.com/ZeusCart/zeuscart/commit/fa919a5e4887a7d348166eac4f10b041684208ca
  https://github.com/ZeusCart/zeuscart/issues/28#issuecomment-73352761

The vendor seems to be suggesting the CVE-2014-3868 patch, which had been previously discussed in the http://seclists.org/fulldisclosure/2014/Jun/116 post. This patch seems related to:

  prodid
  qty
  variations
  subId

whereas your report is about:

  id
  cid

(An entirely separate issue is that the patch has a "$_POST['qty'] = abs((int)$_GET['prodid']);" line that might result in unintended quantity values.)

So, we think that there is not, in any sense, a "version" of ZeusCart that fixes any attack vector that you reported. If there were an incomplete fix, additional CVE IDs may be required.

Use CVE-2015-2183 for all of the SQL injection issues in your report.
http://{TARGET}/admin/?do=getphpinfo
Use CVE-2015-2184.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann (Feb 22)
- Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities cve-assign (Mar 02)