Bugtraq: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

From: admin () majorsecurity de
Date: 22 Sep 2008 18:09:05 -0000

It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which is vulnerable to a session fixation 
attack. 

Workaround: 
================
Update to xt:Commerce 3.0.4 SP 2.1

By Date By Thread

Current thread:

[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues Philipp Hagemeister (Sep 23)
- <Possible follow-ups>
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)