# Ariko-Security: Security Audits, Audyt bezpieczeństwa
# Advisory: 725/2010

============ { Ariko-Security - Advisory #1/8/2010 } =============

Multiple XSS, multiple iFrame injections, unencrypted Login Requests vulnerabilities in CSTORE 3.0 e-commerce

Vendor's Description of Software:
# http://www.cstore.pl/software1.html
Demo:
# http://demo.cstore.pl/

Dork:
# n/a

Application Info:
# Name: Cstore
# Last version: 3.0

Vulnerability Info:
# Type: multiple XSS
# Type: multiple Iframe Injections
# Type: unencrypted Login Requests

Fix:
# N/A

Time Table:
# 17/08/2010 - Vendor notified and responded

1. Input passed to the "introducer", "email", "producent", "podkat", "id", "do_search", "_search_to", "_search_promotion", "_search_photo", "_search_from", "_search_desc", "_search_category" parameters in index.php is not properly sanitised before being returned to the user, and it is possible to inject iFrames (id, introducer, email).

2. Input passed to the "pokazuje_rej", "menu", "pokazuj" parameters in /admin/index.php is not properly sanitised before being returned to the user, and it is possible to inject iFrames (pokazuj_rej, menu).

3. Unencrypted Login Requests

It may be possible to steal user login information, such as usernames and passwords, because it is sent unencrypted:
username_form=admin&password_form=password&brak=

Solution:
# Input validation of all mentioned parameters should be corrected.

# Parameters username and password_form should be encrypted when sent to the server.
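
One way to apply the Solution above in PHP, as an added example that is not code from CSTORE or from the advisory: validate each listed parameter against an expected type, HTML-encode values when they are printed, and accept login data only over HTTPS. The per-parameter types, the helper names (h, clean_param, is_https) and the sample request are assumptions.

```php
<?php
// Added example. Parameter names are from the advisory; the type expected
// for each one is an ASSUMPTION, as are all function names below.
declare(strict_types=1);
// Hypothetical allow-list: parameter name => validation rule.
const PARAM_RULES = [
    'id'           => 'int',
    'podkat'       => 'int',
    'email'        => 'email',
    'introducer'   => 'text',
    'producent'    => 'text',
    '_search_desc' => 'text',
];

// Encode a value for an HTML body or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the validated value, or null when the input must be rejected.
// Validated values are still passed through h() when they are printed.
function clean_param(array $input, string $name): ?string
{
    if (!array_key_exists($name, PARAM_RULES)
        || !isset($input[$name]) || !is_string($input[$name])) {
        return null; // unlisted, missing, or array-typed (e.g. id[]=1)
    }
    $raw = $input[$name];
    switch (PARAM_RULES[$name]) {
        case 'int':
            $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
            return $n === false ? null : (string) $n;
        case 'email':
            return filter_var($raw, FILTER_VALIDATE_EMAIL) === false ? null : $raw;
        default: // free text: bound the length here, encode at output
            return substr($raw, 0, 200);
    }
}

// Credentials are only accepted when the request arrived over TLS.
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}
// Constructed request data (not from the advisory): markup in two parameters.
$get = ['id' => '12<iframe>', 'introducer' => '"><iframe>'];
var_dump(clean_param($get, 'id'));                       // integer rule applied
echo h((string) clean_param($get, 'introducer')), "\n";  // encoded at output
var_dump(is_https(['HTTPS' => 'off']));                  // plain-HTTP login check
```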

Credit:
# Discovered By: MG / Ariko-Security 2010