Zen Cart v1.2.0-l10n-jp-6 XSS PATCH Released Apr 10, 2008
====================================================================

ܲ(http://www.zen-cart.com/)ǥʥ󥹤줿XSSȼ

  XSS Vulnerability in v1.3.7
  http://www.zen-cart.com/forum/showthread.php?t=64115

v1.2.0-l10n-jp-6  кѥåǤ

zipեȤϰʲˤʤޤ
zen-cart-v1.2.0-l10n-jp-6-xss.patch
admin/invoice.php
admin/orders.php
admin/packingslip.php
includes/modules/checkout_process.php
includes/modules/payment/paypal.php
includes/templates/template_default/templates/tpl_account_history_info_default.php
includes/templates/template_default/templates/tpl_checkout_confirmation_default.php
includes/templates/template_default/templates/tpl_shopping_cart_default.php

ѥåŬѼ
==============

ѥåŬѤGNU diffѥåѤŬѤˡȽäե
֤ˡޤ

1. GNU diffѤˡ

zen-cart-v1.2.0-l10n-jp-6-xss.patchŬѤޤ
patchޥɤȤĶǡȼޥԤƤʤ

  $ cd /to/your/shop/root/
  $ patch -p0 < zen-cart-v1.2.0-l10n-jp-6-xss.patch

ŬѤǤޤ
patchޥɤȤʤĶ䡢ȼΥޥԤƤǤ
zen-cart-v1.2.0-l10n-jp-6-xss.patchȤǧƼȤǳƥե
˽ŬѤɬפޤ

zen-cart-v1.2.0-l10n-jp-6-xss.patchˤäƽեϤʤ
Υåץ롼۲ΰʲ8ĤΥեǤ
admin/invoice.php
admin/orders.php
admin/packingslip.php
includes/modules/checkout_process.php
includes/modules/payment/paypal.php
includes/templates/template_default/templates/tpl_account_history_info_default.php
includes/templates/template_default/templates/tpl_checkout_confirmation_default.php
includes/templates/template_default/templates/tpl_shopping_cart_default.php

2. ե֤ˡ

ʤΥåפ

admin/invoice.php
admin/orders.php
admin/packingslip.php
includes/modules/checkout_process.php
includes/modules/payment/paypal.php
includes/templates/template_default/templates/tpl_account_history_info_default.php
includes/templates/template_default/templates/tpl_checkout_confirmation_default.php
includes/templates/template_default/templates/tpl_shopping_cart_default.php

ܥѥåƱƤƱ̾Υե֤ޤ
ȼΥޥԤƤGNU diffѤˡ
Ʊͤ˥եνʬǧʤȤǳƥե˽Ŭ
ɬפޤäȼƥץ졼ȤѤƤϡ

  includes/templates/template_default/

ǤϤʤ

  includes/templates/[ʤȼƥץ졼̾]/

۲ΥեŬѤɬפˤʤޤΤդɬפǤGNU diffѻ
ȼƥץ졼̾ѤƤϤդƤϤޤޤˡ


ѥåŬѤγǧ
====================

ܥѥåTEXTפξʥץXSSȼΤǤ
 äTEXTפξʥץѤƤʤåפǤ
   ȼƤޤ

ѥåŬѤԤ줿Ȥǧˤϰʲμ»ܤ
ʤʲμǤϥ֥饦JavaScriptɬOnˤ
                                        ~~~~~~~~~~~~~~~~~~~~
ԤäƤ

1. TEXTפξʥץľʤ

2. 1ʤξʾܺٲ(main_page=product_info)˥
   ɽTEXTץ
     <script>alert('XSS is occur!');</script>
   ϤơȤܥ򲡤ޤ

3. 2饫Ȳ̤ܤJavaScriptΥ顼Ȥ[XSS is occur!]
   Ȥåȶɽ줺2ͤTEXTץ
   ȤƤΤޤɽƤ뤳Ȥǧޤ

4. 3餽Τޤ޾ʤι³ʤƤޤǽǧ(
   main_page=checkout_confirmation)3ƱͤJavaScriptΥ顼
   ɽ줺2ͤTEXTץͤȤƤΤޤɽ
   Ƥ뤳Ȥǧޤ

5. 4³λޤθ塢ޥڡʸ
   ʸܺٲ(main_page=account_history_info)˥
   3ƱͤJavaScriptΥ顼Ȥɽ줺2ͤTEXT
   ץͤȤƤΤޤɽƤ뤳Ȥǧޤ

6. 5̤˥󤷡̤[ܵҡʸδ]
   ->[ʸ]˥JavaScriptΥ顼ȤɽʤȤ
   ǧޤޤʸԽ̤ܤ3ƱͤJavaScript
   顼Ȥɽ줺2ͤTEXTץͤȤƤΤޤ
   ɽƤ뤳Ȥǧޤ

7. 6顢ʸ[Ǽʽ][ɽ]˥줾β̤
   ơ3ƱͤJavaScriptΥ顼Ȥɽ줺2ͤTEXT
   ץͤȤƤΤޤɽƤ뤳Ȥǧޤ

8. PayPalбƤ륷åפǤϡʧˡPayPalꤷơ
   2ϤԤäʤιԤ3ƱͤJavaScriptΥ顼Ȥ
   ɽ줺PayPalǤιޤ̤Ԥ뤳Ȥǧޤ



====

ΥѥåŬѤϼǤǹԤäƤ
ޤΥѥåŬѤˤʤΥƥХåå
뤳Ȥ˺ʤǤ


                                         Zen-Cart.JP <dev@zen-cart.jp>
