Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23481
HistoryMar 31, 2010 - 12:00 a.m.

OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities

2010-03-3100:00:00
vulners.com
23
JSON

OXID eShop Enterprise Edition

  • Session Fixation Vulnerability
  • Stored Cross Site Scripting Vulnerability
    Date: 30.03.2010
  • Description

OXID eShop EE is a widespread and popular CMS for online shops.
The current release (4.2.0) has been found vulnerable to a session fixation and a XSS attack.

  • Session Fixation

Passing the parameter sid via URL allows an attacker fixate the session ID to a given value.
By fooling legitimate users to follow the attacker provided URL with the fixated session ID, the attacker would be able to overtake the users session.

Example: http://vulnerable.system.com/index.php?sid=12345

  • XSS
    A stored XSS vulnerability exists in the recommendation list (account_recommlist.php) in the fields recomm_title, recomm_author and recomm_desc. No further example
    will be given.

  • Solution

Update to version 4.3.0

  • Credits

The vulnerabilities were discovered by Michael Mueller from Integralis
michael#dot#mueller#at#integralis#dot#com

  • Timeline

23.03.2010 - Vulnerabilities discovered
23.03.2010 - Vendor contacted
23.03.2010 - Initial vendor response
25.03.2010 - Vendor response with ACK and fix date
30.03.2010 - Public disclosure

  • Reference

Vendor Security Information
http://wiki.oxidforge.org/Category:Security_bulletins

Vendor Homepage
http://www.oxid-esales.com/

JSON