| عنوان | ShopXO 6.5.0 Cross Site Scripting |
|---|
| الوصف | Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in ShopXO 6.5.0, allowing attackers to inject arbitrary JavaScript via the lang parameter. The vulnerability occurs due to insufficient input sanitization in multilingual support functionality, where user-supplied input is directly embedded into JavaScript code without proper escaping.
Details
The lang parameter value is directly inserted into JavaScript code without proper escaping for single quotes (').
While the parameter is used to set a JavaScript variable, the lack of proper sanitization allows breaking out of the string context and injecting arbitrary code.
Vulnerable Code Locations:
app/index/view/default/public/header.html
app/admin/view/default/public/header.html
app/install/view/public/header.html
Vulnerable Code Snippet:
<script>
{{if !empty($lang_data)}}
{{foreach $lang_data as $k=>$v}}
{{if !empty($k) and isset($v) and !is_array($v)}}
var lang_{{$k}} = '{{$v}}';
{{/if}}
{{/foreach}}
{{/if}}
...
```
# Proof of Concept (PoC)
http://target-ip/?lang=1%27;alert(234);var%20__test__=%271
# Impact
Session Hijacking: Steal admin/user cookies via `document.cookie`.
Phishing Attacks: Inject fake login forms or redirect users.
Privilege Escalation: Modify admin settings if exploited in the backend. |
|---|
| المصدر | ⚠️ https://github.com/gongfuxiang/shopxo/issues/89 |
|---|
| المستخدم | jiashenghe (UID 39445) |
|---|
| ارسال | 01/07/2025 08:23 AM (12 أشهر منذ) |
|---|
| الاعتدال | 12/07/2025 11:26 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 316265 [ShopXO حتى 6.5.0 header.html lang/system_type البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|