
Open Port Re-check & Cross-site scripting vulnerability in search

Posted

Hi, I'm currently using CRE Loaded PCI B2B v6.4.1a. and I just had a PCI scan performed on my site. Below are the Security threats I need to repair. Numbers 1 and 2 are the most critical.

 

I read a post in the CRE Loaded.org forums to look through this site for some advice. I'm pretty new at this so if you could please bear with me and explain it, I would really appreciate it.

 

Here are my Discovered Security Threats:

 

1. TCP 110919 Open Port Re-check

2. TCP:443 500102 Cross-site scripting vulnerability in searchFor parameter to /search.php?test=query

3. TCP 504007 wireless access point detected

4. TCP:20 500073 TCP timestamp requests enabled

5. TCP:21 134324 FTP Supports Clear Text Authentication

6. TCP:443 500045 Cookie without HTTPOnly attribute can be accessed by scripts

7. TCP:443 500059 Apache ETag Header Discloses Inode Numbers

 

Thank you,

datoad

Posted

Here's a little more detail on my two critical issues:

 

1.

Open Port Re-check

Miscellaneous :: Nessus

ID 110919

Port TCP

Risk 3

 

One of several ports that were previously open are now closed or unresponsive. There are numerous possible causes for this failure:

- The scan may have caused a service to freeze or stop running.

- An administrator may have stopped a particular service during the scanning process.

This might be an availability problem related to the following reasons:

- A network outage has been experienced during the scan, and the remote network cannot be reached from the Vulnerability Scanner any more.

- This Vulnerability Scanner has been blacklisted by the system administrator or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment.

- The remote host is now down, either because a user turned it off during the scan or because a select denial of service was effective.

In any case, the audit of the remote host might be incomplete and may need to be done again. The traceroute information may provide insight as to which device is interfering with the scan.

 

Solution:

1. Use a slower scan speed setting.

2. Disable your IPS during the scan.

3. Review packet filters on target.

 

Information from Target:

Connections to this host from the scanner with IP address ##.##.###.## were blocked on 2010-05-23 07:05:46 (GMT). The following ports are no longer responsive: 443, 80.

 

2.

Cross-site scripting vulnerability in searchFor parameter to /search.php?test=query

Web Services :: Saint

ID 500102

Port TCP:443

Risk 3

 

A malicious web site could cause arbitrary commands to run on a client through a specially crafted link to the vulnerable server. In some cases, this could result in the compromise of the client's cookies, leading to unauthorized access to web applications.

Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <SCRIPT> tag and handle them accordingly.

Several types of web servers and CGI programs include the user's request in their response. For example, a request for the page http://server/nonexistent_page.html may cause the server to respond:

The page nonexistent_page.html does not exist on this server.

By sending an HTTP request containing SCRIPT tags to such a web server, it is possible to cause the web server to return a page containing arbitrary commands which are run by the client. While it is unlikely that a user would deliberately send a request which would cause this to happen, a user could be tricked into doing so by following a specially-crafted link on another web server. This vulnerability is known as cross-site scripting. A web server which is vulnerable to cross-site scripting could be exploited by a malicious web site to trick an unsuspecting user into executing arbitrary commands on his or her own computer. One possible outcome would be for the attacker to steal cookies from the user's web browser, which often contain authentication data that could be used to gain unauthorized access to web applications.

 

Solution:

Cross-site scripting can be fixed either by creating a customized error page which does not display the URI, or by applying one of the following fixes:

osCommerce

(12/23/03) [http://www.oscommerce.com/solutions/downloads] Upgrade to osCommerce 2.2 milestone

 

Information from Target:

Service: https

SENT: GET /advanced_search_result.php?keywords=%3Cscript%3Ealert%28%27SAINTGXR%27%29%3C%2Fscript%3E&osCsid=default&manufacturers_HTTP/1.0 Host: http://www.domain.com

RECEIVED: <div class="az_topBox_new"><div class="az_box_cont_new"><div class="az_box_cont_l_new"><div class="az_box_cont_r_new"><div class="az_box_cont_m_new"><div class="boxContents"><form name="quick_find" action="http://www.domain.com/advanced_search_result.php" method="get"><table border="0" align="center" cellpadding="0" cellspacing="0"><tr><td style="padding-right:10px; white-space:nowrap;">Search products:</td><td><input type="text" name="keywords" value="<script>alert('SAINTGXR')</script>" s

Posted

I am having the issue:

Cookie without HTTPOnly attribute can be accessed by scripts

also. I'm using CRE Loaded 6.4.1 and also have not found a solution to it. I'm interested in knowing if anyone can find a way to resolve this.
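For the two findings this thread keeps coming back to, the search term echoed raw into the quick_find form's value attribute (finding 2, visible in the RECEIVED snippet above) and the session cookie without HttpOnly (finding 6), here is an added PHP example. It is not CRE Loaded or osCommerce code: the function names and the plain-PHP session setup are assumptions, since the store's own osCsid session handling is not shown in this thread.

```php
<?php
// Added example, not code from CRE Loaded / osCommerce. Shows the fixes
// behind scan findings 2 (reflected XSS in the search box) and
// 6 (cookie without HttpOnly). Function names are assumptions.

// Finding 6: the session cookie must carry HttpOnly so page scripts cannot
// read it through document.cookie. This has to run before session_start()
// and before any output. Needs PHP 5.2 or later for the httponly flag.
function start_hardened_session($https)
{
    ini_set('session.cookie_httponly', '1');   // HttpOnly on the session cookie
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    // lifetime 0, path /, current host, Secure when served over HTTPS, HttpOnly
    session_set_cookie_params(0, '/', '', (bool) $https, true);
    session_start();
}

// Finding 2: the scanner's evidence shows the submitted keywords written
// straight into value="" of the quick_find form. This is the flagged pattern.
function search_box_vulnerable($keywords)
{
    return '<input type="text" name="keywords" value="' . $keywords . '">';
}

// Fix: encode on output. ENT_QUOTES turns < > & " and ' into entities, so
// the browser shows the term as text and it cannot break out of the attribute.
function search_box_fixed($keywords)
{
    $safe = htmlspecialchars($keywords, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="keywords" value="' . $safe . '">';
}

// Constructed input: the same harmless marker string the scanner sent.
$probe = "<script>alert('SAINTGXR')</script>";
echo search_box_vulnerable($probe), "\n";  // tag lands in the page unchanged
echo search_box_fixed($probe), "\n";       // tag arrives as &lt;script&gt;...
```

Call start_hardened_session(!empty($_SERVER['HTTPS'])) before any output, and apply the same encoding everywhere the search term is echoed, not only in the form field.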
