| 제목 | ShopXO 6.5.0 Cross Site Scripting |
|---|
| 설명 | Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in ShopXO 6.5.0, allowing attackers to inject arbitrary JavaScript via the lang parameter. The vulnerability occurs due to insufficient input sanitization in multilingual support functionality, where user-supplied input is directly embedded into JavaScript code without proper escaping.
Details
The lang parameter value is directly inserted into JavaScript code without proper escaping for single quotes (').
While the parameter is used to set a JavaScript variable, the lack of proper sanitization allows breaking out of the string context and injecting arbitrary code.
Vulnerable Code Locations:
app/index/view/default/public/header.html
app/admin/view/default/public/header.html
app/install/view/public/header.html
Vulnerable Code Snippet:
<script>
{{if !empty($lang_data)}}
{{foreach $lang_data as $k=>$v}}
{{if !empty($k) and isset($v) and !is_array($v)}}
var lang_{{$k}} = '{{$v}}';
{{/if}}
{{/foreach}}
{{/if}}
...
```
# Proof of Concept (PoC)
http://target-ip/?lang=1%27;alert(234);var%20__test__=%271
# Impact
Session Hijacking: Steal admin/user cookies via `document.cookie`.
Phishing Attacks: Inject fake login forms or redirect users.
Privilege Escalation: Modify admin settings if exploited in the backend. |
|---|
| 원천 | ⚠️ https://github.com/gongfuxiang/shopxo/issues/89 |
|---|
| 사용자 | jiashenghe (UID 39445) |
|---|
| 제출 | 2025. 07. 01. AM 08:23 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 12. PM 11:26 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 316265 [ShopXO 까지 6.5.0 header.html lang/system_type 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|