CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
BID:13560
Info
CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 13560 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2005 12:00AM |
| Updated: | May 09 2005 12:00AM |
| Credit: | Discovery is credited to Lostmon and icaro. |
| Vulnerable: |
CodeThat.com CodeThatShoppingCart 1.3.1 |
| Not Vulnerable: | |
Discussion
CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.
CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well.
CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.
CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well.
Exploit / POC
CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
An exploit is not required.
Proof of concept examples are available:
http://www.example.com/codethat/catalog.php?action=category_show
&id=2"><script>alert(document.cookie)</script>
http://www.example.com/shoppingcart/catalog.php?action=category_show
&id=1%20or%20like%20%60a%%60
http://www.example.com/shoppingcart/demo/catalog.php?action=
category_show&id=1%20or%201=1
An exploit is not required.
Proof of concept examples are available:
http://www.example.com/codethat/catalog.php?action=category_show
&id=2"><script>alert(document.cookie)</script>
http://www.example.com/shoppingcart/catalog.php?action=category_show
&id=1%20or%20like%20%60a%%60
http://www.example.com/shoppingcart/demo/catalog.php?action=
category_show&id=1%20or%201=1
Solution / Fix
CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities
References:
References:
- CodeThat ShoppingCart Critical information disclosure (Lostmon)
- CodeThatShoppingCart (CodeThat.com)