lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 23 Jan 2004 17:30:29 +0300
From: S-Quadra Security Research <research@...uadra.com>
To: full-disclosure <full-disclosure@...ts.netsys.com>,
   bugtraq <bugtraq@...urityfocus.com>
Subject: QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities


    S-Quadra Advisory #2004-01-23

Topic: QuadComm Q-Shop ASP Shopping Cart Software multiple security 
vulnerabilities
Severity: High
Vendor URL: http://www.quadcomm.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040123.txt
Release date: 23 Jan 2004

 1. DESCRIPTION

Q-Shop is a shopping cart application for e-commerce enabled sites.
It's written on ASP, works on most Windows platforms and uses MS Access 
or MS SQL
Server as a backend. Please visit http://www.quadcomm.com for 
information about
Q-Shop shopping cart.

 2. DETAILS

-- Vulnerability 1: SQL Injection vulnerabilities

An SQL Injection vulnerabilities have been found in the following scripts:

search.asp, browse.asp, details.asp, showcat.asp, users.asp, 
addtomylist.asp,
modline.asp, cart.asp, newuser.asp

User supplied input is not filtered before being used in a SQL query. 
Consequently,
query modification using malformed input is possible.

Successfull exploitation of this vulnerability could allow an attacker 
in the worst case to execute
arbitrary commands on a target's system (via MS SQL xp_cmdshell function).

-- Vulnerability 2: Cross Site Scripting vulnerabilities

Cross Site Scripting vulnerabilities have been found in the following 
scripts:

imagezoom.asp, recommend.asp

By injecting a specially crafted javascript code in url and tricking a 
user to visit
it a remote attacker can steal user session id and gain access to user's 
personal data.

 3. FIX INFORMATION

S-Quadra alerted QuadComm development team to these issues on 16 Jan 2004.
No response has been received. No fix available at the time of writing.

 4. CREDITS

Nick Gudov <cipher@...uadra.com> is responsible for discovering
this issue.

 5. ABOUT

S-Quadra offers services in computer security, penetration testing and
network assesment, web application security, source code review and 
third party product
vulnerability assesment, forensic support and reverse engineering.

Security is an art and our goal is to bring responsible and high quality
security service to the IT market, customized to meet the unique needs 
of each
individual client.

S-Quadra, (pronounced es quadra), is not an acronym.
It's unique, creative and innovative - just like the security services
we bring to our clients.

            S-Quadra Vendor Report #2004-01-23

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ