Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
Amazon Webstore contains a flaw that allows a remote cookie script injection attack. The flaw exists because the application does not properly validate variables set in the cookie. This could allow a user to create a specially crafted URL that would create a poisoned cookie that executes arbitrary script within the trust relationship between the user's browser and the server.
Upgrade to version 05022600 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Lostmon <email@example.com> is credited with the discovery of this vulnerability.
Just William's Amazon Webstore 04050100
Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This issue reportedly affects Amazon Webstore version 04050100; other versions may also be vulnerable.
No exploit is required.
The following proof of concept is available: http://www.example.com/uk/list/c/software_CAD_Technical_60002_uk.htm?currentNumber=4.3%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&currentIsExpanded=0
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
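For sites still running an affected version, the following added example (not part of the advisory or the vendor's code) scans web server access logs for the URL parameters listed above when they carry HTML markup, including nested percent-encoding. It assumes combined-format access logs; the function names and sample log lines are constructed for illustration, and the cookie vector is not covered because that log format does not record cookies.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory, keyed by the page that reads them.
WATCHED = {
    "closeup.php": {"image"},
    "index.php": {"currentIsExpanded", "searchFor"},
    "software_CAD_Technical_60002_uk.htm": {"currentNumber"},
}
MARKUP = re.compile(r'[<>"]')  # characters that break out of an attribute or tag
# Request field of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded by rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return (page, parameter, decoded value) for watched parameters carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    page = url.path.rsplit("/", 1)[-1]
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):  # decodes once
        value = fully_decode(value)
        if name in WATCHED.get(page, ()) and MARKUP.search(value):
            hits.append((page, name, value))
    return hits

def scan(lines):
    """Collect hits from every log line, in order."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed sample log lines; the first request is the proof of concept quoted above.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2005:10:00:00 +0000] "GET /uk/list/c/software_CAD_Technical_60002_uk.htm?currentNumber=4.3%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&currentIsExpanded=0 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Mar/2005:10:00:05 +0000] "GET /index.php?searchFor=autocad+2005&currentIsExpanded=1 HTTP/1.1" 200 4211',
    '198.51.100.9 - - [01/Mar/2005:10:00:09 +0000] "GET /index.php?searchFor=%253Cb%253E HTTP/1.1" 200 4302',
    '198.51.100.4 - - [01/Mar/2005:10:00:12 +0000] "GET /closeup.php?image=cover.jpg HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for page, name, value in scan(SAMPLE_LOG):
        print(f"{page}: {name} = {value!r}")
```

A hit shows that a request reached the server with markup in a watched parameter; whether the response reflected it unescaped depends on the installed version.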