Web application abuses : CactuShop XSS and SQL injection flaws

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.15461

Categoría: Web application abuses

Título: CactuShop XSS and SQL injection flaws

Resumen: The remote host runs CactuShop, an e-commerce web application written in ASP.;;The remote version of this software is vulnerable to cross-site scripting;due to a lack of sanitization of user-supplied data in the script;'popuplargeimage.asp'.;;Successful exploitation of this issue may allow an attacker to execute;malicious script code on a vulnerable server.;;This version may also be vulnerable to SQL injection attacks in;the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied;input parameter 'strItems' is not filtered before being used in;an SQL query. Thus the query modification through malformed input;is possible.;;Successful exploitation of this vulnerability can enable an attacker;to execute commands in the system (via MS SQL the function xp_cmdshell).

Descripción: Summary:
The remote host runs CactuShop, an e-commerce web application written in ASP.

The remote version of this software is vulnerable to cross-site scripting
due to a lack of sanitization of user-supplied data in the script
'popuplargeimage.asp'.

Successful exploitation of this issue may allow an attacker to execute
malicious script code on a vulnerable server.

This version may also be vulnerable to SQL injection attacks in
the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied
input parameter 'strItems' is not filtered before being used in
an SQL query. Thus the query modification through malformed input
is possible.

Successful exploitation of this vulnerability can enable an attacker
to execute commands in the system (via MS SQL the function xp_cmdshell).

Solution:
Upgrade to the latest version of this software.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1881
BugTraq ID: 10019
http://www.securityfocus.com/bid/10019
Bugtraq: 20040331 CactuSoft CactuShop v5.x shopping cart software multiple security (Google Search)
http://marc.info/?l=bugtraq&m=108075059013762&w=2
http://www.s-quadra.com/advisories/Adv-20040331.txt
http://www.osvdb.org/4785
http://www.osvdb.org/4786
http://securitytracker.com/id?1009601
http://secunia.com/advisories/11272
XForce ISS Database: cactushop-multiple-sql-injection(15686)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15686
Common Vulnerability Exposure (CVE) ID: CVE-2004-1882
BugTraq ID: 10020
http://www.securityfocus.com/bid/10020
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/019566.html
http://www.osvdb.org/4787
XForce ISS Database: cactushop-popularlargeimageasp-xss(15687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15687

Copyright Copyright (C) 2004 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.15461
Categoría:	Web application abuses
Título:	CactuShop XSS and SQL injection flaws
Resumen:	The remote host runs CactuShop, an e-commerce web application written in ASP.;;The remote version of this software is vulnerable to cross-site scripting;due to a lack of sanitization of user-supplied data in the script;'popuplargeimage.asp'.;;Successful exploitation of this issue may allow an attacker to execute;malicious script code on a vulnerable server.;;This version may also be vulnerable to SQL injection attacks in;the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied;input parameter 'strItems' is not filtered before being used in;an SQL query. Thus the query modification through malformed input;is possible.;;Successful exploitation of this vulnerability can enable an attacker;to execute commands in the system (via MS SQL the function xp_cmdshell).
Descripción:	Summary: The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server. This version may also be vulnerable to SQL injection attacks in the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied input parameter 'strItems' is not filtered before being used in an SQL query. Thus the query modification through malformed input is possible. Successful exploitation of this vulnerability can enable an attacker to execute commands in the system (via MS SQL the function xp_cmdshell). Solution: Upgrade to the latest version of this software. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1881 BugTraq ID: 10019 http://www.securityfocus.com/bid/10019 Bugtraq: 20040331 CactuSoft CactuShop v5.x shopping cart software multiple security (Google Search) http://marc.info/?l=bugtraq&m=108075059013762&w=2 http://www.s-quadra.com/advisories/Adv-20040331.txt http://www.osvdb.org/4785 http://www.osvdb.org/4786 http://securitytracker.com/id?1009601 http://secunia.com/advisories/11272 XForce ISS Database: cactushop-multiple-sql-injection(15686) https://exchange.xforce.ibmcloud.com/vulnerabilities/15686 Common Vulnerability Exposure (CVE) ID: CVE-2004-1882 BugTraq ID: 10020 http://www.securityfocus.com/bid/10020 http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/019566.html http://www.osvdb.org/4787 XForce ISS Database: cactushop-popularlargeimageasp-xss(15687) https://exchange.xforce.ibmcloud.com/vulnerabilities/15687
Copyright	Copyright (C) 2004 David Maciejak