Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25098
HistoryNov 09, 2010 - 12:00 a.m.

Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978

2010-11-0900:00:00
vulners.com
36
JSON

Dear List,

I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Spree e-commerce JSON Hijacking Vulnerabilities
CVE-2010-3978

INTRODUCTION

Spree e-commerce is an open source commerce platform written for the Ruby on Rails framework supporting "Over 100 extensions created by our active and dedicated
community".

This problem was confirmed in the following versions of the Spree e-commerce, other versions maybe also affected.

All 0.11.x versions
The upcoming code 0.30.x versions

CVSS Scoring System

The CVSS score is: 2.7
Base Score: 3.3
Temporal Score: 2.7
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal score is: E:F/RL:OF/RC:C

DETAILS

There are multiple JSON Hijacking vulnerabilities and as result, an attacker can steal confidential information such as: product costs, price and quantities and
users email, encrypted password, tokens, OpenID identifier, phone and address as well as orders count and values by period.

There are some pages within the default Spree installation that use JavaScript Object Notation (JSON) as a transport mechanism between the client and the server.
As the application cannot differentiate real requests from forged requests, and the JSON object returned can be accessed by the attacker's malicious code via a
script tag, those pages are vulnerable to an attack known as JSON Hijacking.

The affected pages are:
- /admin/products.json
- /admin/users.json
- /admin/overview/get_report_data

Proof of concept exploitation code is available to interested parties.

CREDITS

This vulnerability has been brought to our attention by Gabriel Quadros from Conviso IT Security company (http://www.conviso.com.br) and researched internally by
Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).


Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
http://www.checkpoint.com/defense

Related

osv 1
prion 1
securityvulns 1
github 1
cve 1
osv
osv
Spree allows remote attackers to obtain sensitive information
2022-05-14 02:42:49
prion
prion
Spoofing
2010-11-17 16:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-11-09 00:00:00
github
github
Spree allows remote attackers to obtain sensitive information
2022-05-14 02:42:49
cve
cve
CVE-2010-3978
2010-11-17 16:00:00
JSON
Related for SECURITYVULNS:DOC:25098
osv1prion1securityvulns1github1cve1