clubbby Posted November 4, 2013

First things first, I'm not actually taking payments directly on my online store at this time (using PayPal), so PCI compliance isn't vital to me; I was just working on making sure my site was secure. But I couldn't find any other posts in regards to this particular one, so I thought I'd post it.

I used the PCI scanner from hackerguardian.com and it reported that it found a potential XSS vulnerability on products_new.php. I'll paste the important bits at the bottom of this post. If you need anything additional, let me know and I would be happy to supply it.

My configuration (as of today) is Ubuntu 12.04 LTS, running NGINX 1.4.3, PHP (fpm) 5.5.5 (both I compiled) and MySQL 5.5.34 (stock from the Ubuntu repo). My installation of osCommerce is pretty out of the box. About the only thing I've changed are some CSS files.

Anyway, here's the warning:

Description: The remote web server hosts CGI scripts that fail to adequately sanitize parameter names of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
Plugin output

Using the GET HTTP method, Nessus found that :
+ The following resources may be vulnerable to XSS (on parameters names) :
/products_new.php?%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%33%31%33%29%3C%2F%73%63%72%69%70%74%3E=1

-------- request --------
GET /products_new.php?%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%33%31%33%29%3C%2F%73%63%72%69%70%74%3E=1 HTTP/1.1
Host: <removed>
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
Cookie: osCsid=93kevob3dftigcb7pvhfcf5sr5
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
------------------------

-------- output --------
<td width="130" valign="top" class="main"><a href="http://<removed> [...]
<td valign="top" class="main"><a href="http://<removed>/pr [...]
<td align="right" valign="middle" class="smallText"><span class="tdbLink"><a id="tdb4" href="http://<removed>/products_new.php?<script>alert(313)</script>=1&action=buy_now&products_id=21">Add to Cart</a></span><script type="text/javascript">$("#tdb4").button({icons:{primary:"ui-icon-cart"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
</tr>
<tr>
------------------------
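What the scanner is exercising is visible in the output above: the "Add to Cart" link carries every incoming GET parameter forward into its href, and the parameter *name* is written back verbatim, so a name of `<script>alert(313)</script>` lands inside the page. The script below is an added example (not code from the post or from osCommerce) that decodes the probe from the request, reproduces the unsafe link-building pattern in a few lines, and shows the hardened form beside it. Function names, the `/products_new.php` link layout and the check are my own construction; the probe string is copied from the request in the post.

```python
from html import escape
from urllib.parse import parse_qsl, unquote_to_bytes, urlencode

# Query string from the scanner's request in the post (assumed copied faithfully).
PROBE_QUERY = (
    "%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%33%31%33%29"
    "%3C%2F%73%63%72%69%70%74%3E=1"
)


def decode_probe(query: str) -> str:
    """Percent-decode the parameter *name* of the probe.

    Decoded as latin-1 so the two leading bytes (0xFF 0xFE, which are not valid
    UTF-8) survive one-to-one; what matters is the <script> tag that follows them.
    """
    name = query.split("=", 1)[0]
    return unquote_to_bytes(name).decode("latin-1")


def unsafe_buy_now_link(query: str, products_id: int) -> str:
    """Mimic the pattern seen in the scanner output (hypothetical reproduction).

    Every GET parameter, name and value, is decoded and concatenated straight into
    the href without URL-encoding or HTML-escaping, so attacker-controlled names
    are reflected into the page as markup.
    """
    carried = "&".join(f"{k}={v}" for k, v in parse_qsl(query, keep_blank_values=True))
    href = f"/products_new.php?{carried}&action=buy_now&products_id={products_id}"
    return f'<a href="{href}">Add to Cart</a>'


def safe_buy_now_link(query: str, products_id: int) -> str:
    """Hardened form of the same link builder.

    Two layers, each encoded for its own context: urlencode() percent-encodes
    every name and value for the URL, then escape(quote=True) makes the result
    safe inside an HTML attribute (it also turns '&' into '&amp;', which is the
    correct serialisation there).
    """
    params = parse_qsl(query, keep_blank_values=True)
    params += [("action", "buy_now"), ("products_id", str(products_id))]
    href = "/products_new.php?" + urlencode(params)
    return f'<a href="{escape(href, quote=True)}">Add to Cart</a>'


def reflects_script(html: str) -> bool:
    """Same check the scanner effectively makes: did the decoded probe's tag
    come back as raw markup in the response body?"""
    return "<script>" in html.lower()


if __name__ == "__main__":
    print("probe name:", repr(decode_probe(PROBE_QUERY)))
    for label, builder in (("unsafe", unsafe_buy_now_link), ("safe", safe_buy_now_link)):
        html = builder(PROBE_QUERY, 21)
        print(f"{label}: reflected={reflects_script(html)}")
        print("   ", html)
```

Running it prints the decoded probe name and two links: the unsafe one contains `<script>alert(313)</script>` inside the attribute, the safe one carries the same parameter as `%3Cscript%3E...`. To confirm the finding on a live site without a scanner, request the URL from the post with curl and grep the body for `<script>alert(313)`; if it is there unencoded, the reflection is real regardless of whether PCI applies.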