Fullaspsite Shop Listmain.ASP Multiple Input Validation Vulnerabilities
BID:22545
Info
| Bugtraq ID: | 22545 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0950 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | ShaFuck31 is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Fullaspsite ASP Hosting Site 0 |
| Not Vulnerable: | |
Discussion
Fullaspsite Shop is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Exploit / POC
Attackers can exploit these issues via a web client.
An example URI has been provided for the SQL-injection vulnerability:
http://www.example.com/ScriptPath/listmain.asp?cat=[ SqL Code ]
A sample URI has been provided for the cross-site scripting vulnerability:
Solution / Fix
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
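With no fix listed, requests that reach the `cat` parameter of `listmain.asp` can at least be reviewed in the web server logs. The following is an added example, not part of the original advisory or of the Fullaspsite code: it assumes IIS W3C extended logging and that `cat` is meant to carry a numeric category ID (the advisory does not say so), and the log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample of an IIS W3C extended log (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-02-14 10:01:02 192.0.2.10 GET /shop/listmain.asp cat=12 200
2007-02-14 10:01:09 192.0.2.44 GET /shop/ListMain.asp cat=12%27 500
2007-02-14 10:01:15 192.0.2.44 GET /shop/listmain.asp cat=%253Cb%253E 200
2007-02-14 10:02:00 192.0.2.10 GET /shop/default.asp - 200
2007-02-14 10:02:31 192.0.2.77 GET /shop/listmain.asp page=2&CAT=7 200
"""

NUMERIC_ID = re.compile(r"[0-9]{1,9}")  # assumption: cat is a numeric category ID

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is seen in decoded form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cat_requests(log_text, script="listmain.asp", param="cat"):
    """Return (client_ip, decoded_value, status) for each non-numeric cat value."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS and ASP match script paths and parameter names case-insensitively.
        if not row.get("cs-uri-stem", "").lower().endswith("/" + script):
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in query.items():
            if name.lower() != param:
                continue
            for raw in values:
                value = fully_decode(raw)
                if not NUMERIC_ID.fullmatch(value):
                    hits.append((row.get("c-ip"), value, row.get("sc-status")))
    return hits
```

The same allow-list (digits only) is the check the application itself would need to apply to `cat` before using it in a query or echoing it into a page, if the numeric-ID assumption holds.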