Author Topic: CRE Loaded Link Page Vulnerability with beta Fix.  (Read 17819 times)

Offline David M. Graham

  • Administrator
  • Sr. Member
  • *****
  • Posts: 381
  • Karma: 12
    • View Profile
    • osCommerce University
Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #16 on: September 07, 2010, 01:46:33 PM »
Well, if I read that right, I certainly agree.   :)

dorian

  • Guest
Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #15 on: August 11, 2010, 04:36:35 PM »
JavaScript is too lag. php script too faster.
astigmatism
« Last Edit: June 12, 2011, 05:19:27 AM by dorian »

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #14 on: April 15, 2009, 11:06:31 AM »
Quote
You are missing my whole point, David. I am using examples.

Ok, I have the point that you meant to say something like:

"Shouldn't CRE Loaded use JavaScript to check for new updates whenever someone logs in to the Admin and notify them of new releases?"

Might have gotten it quicker if you'd just said what you meant.  Certainly the thread would scan better.

However, again - the use of JavaScript is just not necessary. The existing ad server could do just this - with a specific ad group called only from the login page.

The ONLY advantage this offers over the existing (heavily abused) system is that it would only be presented on that page and could help avoid creating a sluggish admin and annoyed CRE Loaded users if CRE was willing to give up Admin Spamming their "captive audience".

Does that clarify things for everyone?

David

butlimous

  • Guest
Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #13 on: April 12, 2009, 03:43:14 PM »
Quote
You are missing my whole point, David. I am using examples.

I think that he is confused  ???

<spam links removed by moderator>
« Last Edit: April 12, 2009, 04:02:59 PM by David M. Graham »

Offline inetbiz

  • eCommerce Strategy Consultant
  • Administrator
  • Full Member
  • *****
  • Posts: 135
  • Karma: 22
  • SKYNET; T3; Apple Inc. Coincidence?
    • View Profile
    • Hosting for Creloaded Cart
Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #12 on: September 15, 2008, 10:10:06 AM »
You are missing my whole point, David. I am using examples.

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #11 on: September 14, 2008, 09:14:07 AM »
Quote
They check to see if you are using the most up to date source.

Which has diddly to do with whether the user has turned off JavaScript in their browser for security reasons. No JavaScript, no feature. What's the point?


Offline inetbiz

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #10 on: September 13, 2008, 10:45:34 PM »
They check to see if you are using the most up to date source.

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #9 on: September 12, 2008, 06:43:21 AM »
It is just dicey. I think the code may already rely too heavily on a client-side technology which can be disabled. Nor do I see what FileZilla or WinSCP has to do with this.

Offline inetbiz

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #8 on: September 04, 2008, 04:27:10 PM »
Their next patch should take a look at the error message stack. While FileZilla may be Windows open source or even WinSCP, I think it's important to use a JavaScripted warning message of new updates to stock code. Do you agree or is that going overboard?

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #7 on: September 04, 2008, 12:17:06 PM »
Yes - sorry this is so belated.

CRE did issue a fix, which consists of two files - link.php and links_submit.php root files.  Archive attached.

Offline inetbiz

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #6 on: September 02, 2008, 12:35:02 PM »
Has there been any update to their code on this issue?

Offline inetbiz

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #5 on: June 08, 2008, 12:00:33 PM »
Name: CVE-2008-2557
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2557
Reference: MISC:http://oscommerceuniversity.com/lounge/index.php?topic=249.0

Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and
earlier allows remote attackers to inject arbitrary web script or HTML
via the (1) Links and (2) Links Submit pages.

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #4 on: June 05, 2008, 07:20:32 PM »
At this time, we have one report of an actual usage of a hack based on this vulnerability.  The issue was reported to Chain Reaction and a patch is reported in the works.

David

Offline David M. Graham

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #3 on: June 05, 2008, 05:43:46 PM »
The issue was an unfiltered links path component - the fix was casting the incoming path to the appropriate (int) data type. 

Regards,

David
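
The fix described in Reply #3, sketched as an added example (not CRE Loaded's code and not posted by anyone in this thread): a path value echoed into a link unfiltered, next to the same value cast to `(int)` before output. The parameter name `path`, the function names, the underscore-joined id format and the sample inputs are all assumptions made for illustration.

```php
<?php
// Constructed request values; "path" is a hypothetical parameter name.
$samples = [
    '12',
    '3_12',                             // underscore-joined ids (assumed format)
    '12"><script>alert(1)</script>',    // markup appended after a valid id
];

// Before: the value reaches the HTML attribute exactly as received.
function link_unfiltered(string $raw): string
{
    return '<a href="links.php?path=' . $raw . '">';
}

// After: keep only positive integer ids; everything else is dropped.
function path_ids($raw): array
{
    if (!is_string($raw)) {             // path[]=x arrives as an array
        return [];
    }
    $ids = [];
    foreach (explode('_', $raw) as $part) {
        $id = (int) $part;              // '12"><script>...' becomes 12
        if ($id > 0) {
            $ids[] = $id;
        }
    }
    return $ids;
}

function link_cast($raw): string
{
    $path = implode('_', path_ids($raw));
    // Escape at output too, so the sink stays safe if validation changes later.
    return '<a href="links.php?path='
        . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '">';
}

foreach ($samples as $raw) {
    echo link_unfiltered($raw), "\n", link_cast($raw), "\n\n";
}
```

For the third sample the unfiltered link closes the attribute and carries the script tag into the page, while the cast version prints `links.php?path=12`. The cast coerces rather than rejects, so a stricter variant would refuse any request whose path is not all digits and underscores.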

Offline inetbiz

Re: CRE Loaded Link Page Vulnerability with beta Fix.
« Reply #2 on: June 02, 2008, 01:27:35 PM »
Exactly what was the discovered vulnerability in the CRE Loaded shopping cart that allowed the cross-site vulnerability in the link pages and link submission?