[Repost] JShop Cross Site Scripting

Source: securiteam

Summary
JShop Server is "a PHP and mySQL driven e-commerce system that can provide everything from customer accounts to gift certificates, from stock control to advanced pricing options, from reports and statistics to order management and dispatch tracking".

Due to improper filtering done by JShop an attacker can insert arbitrary HTML/JavaScript into the pages returned by the product.

Credit:
The information has been provided by SmOk3.
The original article can be found at: http://www.systemsecure.org/wwwboard/messages/225.html

Details
Vulnerable Systems:
* JShop Server version 1.2.0 and prior

Immune Systems:
* JShop Server version 1.3.0 or newer

A vulnerability has been identified in JShop Server, which can be exploited by malicious people to conduct Cross-Site Scripting attacks. The vulnerability is caused by missing validation of input supplied to the "xProd" and "xSec" parameters in "product.php". This can be exploited by including arbitrary HTML or script code in the parameters, which is then executed in a user's browser session when the page is viewed.

Exploit:
http://vulnerable/product.php?xSec=1&xProd=7"><script>alert(document.domain);</script>
http://vulnerable/product.php?xSec=1"><script>alert(document.domain);</script>&xProd=7
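A defensive check for the issue described in the advisory, added here as an example and not taken from the advisory or from JShop: it scans access-log lines for "product.php" requests whose "xSec" or "xProd" value is not a plain integer. That both parameters are integer ids is an assumption based on the values shown in the advisory's URLs; the log format and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory. Treating them as integer ids is an
# assumption drawn from the values (1 and 7) in the advisory's URLs.
NUMERIC_PARAMS = ("xSec", "xProd")
# Request field of a combined/common-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return {param: decoded value} for xSec/xProd values that are not integers."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/product.php"):
        return {}
    bad = {}
    # parse_qsl percent-decodes, so %22%3E%3Cscript... is checked as the
    # characters that would actually be reflected into the page.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            bad[name] = value
    return bad

def scan(log_lines):
    """Return [(line_number, findings)] for requests carrying a non-integer id."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        found = suspicious_params(match.group(1)) if match else {}
        if found:
            hits.append((number, found))
    return hits

# Constructed sample log lines (documentation address range, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /product.php?xSec=1&xProd=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /product.php?xSec=1&xProd=7%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E HTTP/1.1" 200 5190',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /product.php?xSec=1%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E&xProd=7 HTTP/1.1" 200 5190',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?xProd=abc HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer value in {sorted(found)}")
```

The same integer-only rule applied server-side, before the values reach the page, is the input-validation counterpart to this log check.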