AbanteCart Community

Shopping Cart Operations => Security => Topic started by: abantecart on February 16, 2013, 02:55:47 PM

Title: Light cross-site scripting vulnerability fix
Post by: abantecart on February 16, 2013, 02:55:47 PM
A light cross-site scripting vulnerability has been detected in AbanteCart.
The detected vulnerability does not cause any harm to AbanteCart or its content.
To fix the problem, please read below.

Affected versions: up to 1.1.3

About risk: This is a low-risk cross-site scripting vulnerability. No potential harm to code, database or server structure.

About the fix:
The fix is only 1 file, which can be replaced or changed manually.
Option 1 (version 1.1.3):
Locate file /core/engine/html.php and replace it with the attached file.

Option 2 (prior to version 1.1.3):
Locate and open file /core/engine/html.php
Locate the code below (about line #114):

Code:
public function removeQueryVar($url, $vars) {
    list($url_part, $q_part) = explode('?', $url);
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array($vars);
    }
    foreach ($vars as $v) {
        unset($q_vars[$v]);
    }

    // urldecode() undoes the escaping applied by http_build_query(),
    // so the remaining query values are returned exactly as received.
    $new_qs = urldecode(http_build_query($q_vars));
    return $url_part . '?' . $new_qs;
}

Replace it with the code below:

Code:
public function removeQueryVar($url, $vars) {
    list($url_part, $q_part) = explode('?', $url);
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array($vars);
    }
    foreach ($vars as $v) {
        unset($q_vars[$v]);
    }

    // Fix: clean every remaining value before the query string is rebuilt.
    foreach ($q_vars as $key => $value) {
        $q_vars[$key] = $this->request->clean($value);
    }

    $new_qs = urldecode(http_build_query($q_vars));
    return $url_part . '?' . $new_qs;
}

This issue is thoroughly addressed and eliminated in the coming version of AbanteCart.
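Added example, not part of the original post or of AbanteCart's code: a stand-alone PHP script that reproduces removeQueryVar() before and after the fix above on a constructed URL, so the effect of the change can be checked from the command line. It assumes that $this->request->clean() escapes HTML metacharacters and uses htmlspecialchars() as a stand-in for it; the hypothetical function names are mine.

```php
<?php
// Stand-in for AbanteCart's $this->request->clean() (assumption: it escapes
// HTML metacharacters). Not the project's own implementation.
function cleanValue($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Original (vulnerable) behaviour: strip the given keys, then rebuild the query.
function removeQueryVarVulnerable($url, $vars) {
    list($url_part, $q_part) = array_pad(explode('?', $url, 2), 2, '');
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array($vars);
    }
    foreach ($vars as $v) {
        unset($q_vars[$v]);
    }
    // urldecode() reverses http_build_query()'s escaping, so '<', '>' and '"'
    // in any surviving value come back raw; if the caller echoes this URL
    // into HTML, the markup lands in the page unescaped.
    return $url_part . '?' . urldecode(http_build_query($q_vars));
}

// Fixed behaviour: same as above, but each surviving value is cleaned first.
function removeQueryVarFixed($url, $vars) {
    list($url_part, $q_part) = array_pad(explode('?', $url, 2), 2, '');
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array($vars);
    }
    foreach ($vars as $v) {
        unset($q_vars[$v]);
    }
    foreach ($q_vars as $key => $value) {
        $q_vars[$key] = cleanValue($value);   // the fix from the post
    }
    return $url_part . '?' . urldecode(http_build_query($q_vars));
}

// Constructed input: a category URL whose "sort" value carries markup
// (%22%3E%3Cb%3Ex%3C%2Fb%3E decodes to "><b>x</b>). The "page" key is removed.
$url = 'index.php?rt=product/category&page=2&sort=%22%3E%3Cb%3Ex%3C%2Fb%3E';
echo "before fix: ", removeQueryVarVulnerable($url, 'page'), "\n";
echo "after fix:  ", removeQueryVarFixed($url, 'page'), "\n";
```

Run with `php` on the command line: the first line shows the quote and angle brackets passed through untouched, the second shows them as HTML entities, which is what stops the value from being interpreted as markup when the URL is written into a page.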
Title: Re: Light cross-site scripting vulnerability fix
Post by: DamonPadilla on August 15, 2013, 09:43:43 AM
Light cross-site scripting vulnerability has been detected in AbanteCart.
Detected vulnerability does not cause any harm to AbanteCart or content.
To fix the problem, please read below.


Thanks for sharing the code. I am facing a similar vulnerability and now I think my problem is solved. Thanks again.