#1

    XSS Vulnerability in v1.3.7

    We have been informed of an XSS vulnerability in Zen Cart 1.3.7 (and prior versions).

    The vulnerability only affects those people using the special TEXT input attribute on their products.

    The problem arises due to insufficient cleansing of outputs.

    NOTE: we have fixed the vulnerability by specifically targeting output functions where the TEXT attribute is displayed, in both catalog and admin. This is how we have addressed possible and actual XSS vulnerabilities in the past.
    We have not used global cleansing of all $_POST variables, as this may limit the functionality of various intrinsic Zen Cart operations.

    A patch fix for v1.3.7 will be posted within the hour.

#2

    Re: XSS Vulnerability in v1.3.7

    FILES AFFECTED
    ==============
    The files affected are:
    /readme.txt (this file should not be uploaded to your site. All the rest should)
    /admin/orders.php
    /admin/packingslip.php
    /admin/invoice.php
    /includes/modules/pages/shopping_cart/header_php.php
    /includes/templates/template_default/templates/tpl_account_history_info_default.php
    /includes/templates/template_default/templates/tpl_checkout_confirmation_default.php


    INSTALLATION for v1.3.7 sites:
    ====================
    1. Download the patch from SourceForge here.
    2. Upload the patched files to replace the existing files of the same name/folder.

    Remember, if you have renamed your admin folder, you will have to use *that*
    folder name when copying/uploading the /admin/ folder files.

    Further, if you have customized copies of the enclosed template files, you
    should manually apply the changes from these files into your customized files.
    Using WinMerge as a file-comparison tool will help you quickly identify your
    customizations and help you merge the changes easily.


    INSTALLATION for sites OLDER THAN v1.3.7:
    =============================
    If you need to apply these fixes to an older version of Zen Cart, do NOT use the patched zip file. Instead, this can be accomplished by manual edits -- replacing this:

    Code:
    $order->products[$i]['attributes'][$j]['value']
    with this:
    Code:
    zen_output_string_protected($order->products[$i]['attributes'][$j]['value'])
    ... in the affected files.

    Depending on which version you have, you'll find a need to change either line #118 of template_default/templates/tpl_shopping_cart_default.php
    Code:
    $products[$i][$option]['products_options_values_name'] = $attr_value ;
    becomes:
    Code:
    $products[$i][$option]['products_options_values_name'] = zen_output_string_protected($attr_value);
    or modules/pages/shopping_cart/header_php.php, like this:
    Code:
    $attrArray[$option]['products_options_values_name'] = $attr_value;
    becomes:
    Code:
    $attrArray[$option]['products_options_values_name'] = zen_output_string_protected($attr_value);

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
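As an added illustration of the output-encoding fix both posts describe (this is example code, not code from the Zen Cart project or from either poster): a stand-alone PHP script that renders a product's TEXT attribute value first the raw way and then the protected way, using the same `$order->products[$i]['attributes'][$j]['value']` shape the patch edits. The helper `escape_for_html()` is an assumed stand-in for `zen_output_string_protected()`, built on `htmlspecialchars()`; the order data and the customer-supplied attribute value are constructed for the demonstration.

```php
<?php
// Added example, not Zen Cart code. escape_for_html() is an assumed stand-in
// for zen_output_string_protected(): it HTML-encodes the characters that let
// free text break out of an HTML text node or attribute.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Render one product's attributes as the affected templates do: an
// "option: value" line per attribute. $protected selects the patched path.
function render_attributes(object $order, int $i, bool $protected): string
{
    $html = '';
    foreach ($order->products[$i]['attributes'] as $j => $attr) {
        $raw = $order->products[$i]['attributes'][$j]['value'];
        // Unpatched files inserted $raw directly; the fix wraps it.
        $value = $protected ? escape_for_html($raw) : $raw;
        $html .= '<small><i>' . escape_for_html($attr['option']) . ': ' . $value . "</i></small><br />\n";
    }
    return $html;
}

// Constructed order. The TEXT attribute accepts whatever the customer typed,
// so its value can carry markup; nothing in the cart or admin pages should
// render it as HTML.
$order = new stdClass();
$order->products = [
    [
        'name' => 'Engraved Mug',
        'attributes' => [
            ['option' => 'Engraving text', 'value' => 'Happy Birthday <script>document.title="x"</script>'],
            ['option' => 'Colour', 'value' => 'Blue'],
        ],
    ],
];

foreach ($order->products as $i => $product) {
    echo "Raw output (unpatched pattern):\n";
    echo render_attributes($order, $i, false), "\n";
    echo "Protected output (patched pattern):\n";
    echo render_attributes($order, $i, true), "\n";
}
```

Run it with `php example.php` and compare the two blocks: in the raw block the `<script>` element survives intact and a browser would execute it, while in the protected block it appears as `&lt;script&gt;...` and displays as literal text. This is the same effect the patch achieves in `orders.php`, `invoice.php`, `packingslip.php` and the listed templates, and it is why the fix is applied at each output point rather than by stripping `$_POST` globally: the stored value is left unchanged and only its HTML rendering is made safe.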
