CubeCart 4.x.x Cross-Site Scripting Vulnerabilities | Bala-Krishna

Contact
Subscribe

Subscribe Feed

Subscribe By Email

Register to Comments
About
Pages
Recent Posts
Advertise Here

Your Ad Here
Recent Comments
- zlatan24 on Install Rar/UnRar Support & Open Rar Archives In Ubuntu
- Bala Krishna on Google Chrome - New Clean Web Browser
- seosclub on Google Chrome - New Clean Web Browser
- Bala Krishna on How to run FFMPEG command in Asp.Net
- jaimin on How to run FFMPEG command in Asp.Net
Sponsor

Blogs Directory

Visitor Map
Recent Readers

Sponsor
Categories
- Advertising (19)
- ASP.Net (5)
- Asp.Net Tips (2)
- Bhopal (3)
- Blogging (46)
- Browser Stuff (47)
- Bug Fix (23)
- Business Talk (8)
- Celibrity Interviews (1)
- CentOS (12)
- Crawler (19)
- CSS (1)
- Cube Cart (1)
- Dos Commands (1)
- Dot.Net (5)
- Error Log (12)
- Events (26)
- FFMPEG (13)
- FFMPEG-PHP (13)
- Financial (2)
- Firefox (2)
- Firefox Add-On (6)
- FLVTool (7)
- Gallery2 (1)
- General (69)
- Gmail Stuff (7)
- Godaddy Hosting (3)
- Google (12)
- Hardware (12)
- Health (2)
- IFSC Code (1)
- India (1)
- Inspiration (4)
- Instant Messenger (1)
- Internet Explorer (12)
- Internet Fraud (2)
- Internet Marketing (24)
- Java Script (1)
- Link Building (6)
- Linux (39)
- Linux Commands (22)
- Money Maker (1)
- Money Transfer (1)
- MS Excel (1)
- Nation (2)
- Online Fraud (1)
- Online Media (45)
- Operating System Tutorial (32)
- Page Rank (2)
- PayPal (1)
- Photo Sharing (4)
- PHP Function (31)
- PHP Programming (39)
- PHP Tutorial (39)
- Press Release (8)
- Product Review (4)
- Remote Access (3)
- Scam (2)
- Search Engine (16)
- Security (25)
- Self Improvement (1)
- SES India (1)
- Snap Shot (6)
- Social Media (5)
- Social Messenger (2)
- Social Networking (5)
- Swift Code (2)
- Tips and Tricks (99)
- uber-uploader (2)
- VBScript (5)
- Visual Basic (3)
- VOIP (1)
- Web Design (20)
- Web Development (32)
- Web Directory (8)
- Web Hosting (17)
- Web Technology (110)
- Window Application (18)
- windows xp (28)
- Wire Transfer (2)
- Word Press (28)
- Wordpress Plugin (12)
- Wordpress Theme (10)
- Wordpress Widget (8)
Blogroll
Archives
- October 2008 (1)
- September 2008 (7)
- August 2008 (7)
- July 2008 (7)
- June 2008 (7)
- May 2008 (6)
- April 2008 (7)
- March 2008 (10)
- February 2008 (4)
- January 2008 (10)
- December 2007 (12)
- November 2007 (7)
- October 2007 (7)
- September 2007 (10)
- August 2007 (2)
- July 2007 (5)
- June 2007 (12)
- May 2007 (22)
- April 2007 (18)
- March 2007 (18)
Blog Stats

CubeCart 4.x.x Cross-Site Scripting Vulnerabilities

Two vulnerabilities has been discoverd in CubeCart 4.xx by Russ McRee that can be use by hackers to exploit website by cross-site scripting attacks. The search input string is not properly sanitised before passed to script for execution. This behaviour can be used by attacker to execute malicious script code in the browser to affect website. This may allow to hacker to acess administration by stealing cookies-based aunthentication scheme and destroy website.

Solution:

CubeCart has been released security patch to fix this problem that can be download from following location.

Also, CubeCart user can fix this manually by editing a single file. Please follow steps described below:

Open ini.inc.php and find at around line 134:

$data[$key] = $this->safety($val);
}

return true;

Replace with:

$data[$key] = $this->safety($val);
}

All done.

Read Related Post

Web application security workshop in 18 city
SECUNIA Personal Software Inspector
Mouthshut.com an ultimate site to read and write reviews
Secure PHP Application with Suhosin Hardened-PHP
NetBeans Software Day Event 2007 in San Francisco

March 27th, 2008 Bala Krishna Posted in Bug Fix, Cube Cart, Error Log, PHP Function, PHP Programming, PHP Tutorial, Remote Access, Security, Tips and Tricks, Web Technology |

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

« Shortcut to open Task Manager in Windows

Wordpress 2.5 Finally Released »