SpiderSales Shopping Cart Multiple Vulnerabilities
BID:9799
Info
SpiderSales Shopping Cart Multiple Vulnerabilities
| Bugtraq ID: | 9799 |
| Class: | Unknown |
| CVE: |
CVE-2004-0348 CVE-2004-0350 CVE-2004-0351 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | The disclosure of these issues has been credited to Nick Gudov <[email protected]>. |
| Vulnerable: |
SpiderSales SpiderSales 2.0 |
| Not Vulnerable: | |
Discussion
SpiderSales Shopping Cart Multiple Vulnerabilities
Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative level access to the underlying database.
The issues exist due to improper implementation of the RSA cryptosystem by SpiderSales and failure to sanitize user-supplied input via the 'userId' URI parameter employed by various scripts.
SpiderSales version 2.0 is assumed to be vulnerable to these issues, however, other versions could be affected as well.
Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative level access to the underlying database.
The issues exist due to improper implementation of the RSA cryptosystem by SpiderSales and failure to sanitize user-supplied input via the 'userId' URI parameter employed by various scripts.
SpiderSales version 2.0 is assumed to be vulnerable to these issues, however, other versions could be affected as well.
Exploit / POC
SpiderSales Shopping Cart Multiple Vulnerabilities
The following proof of concept has been provided:
http://www.example.com/Carts/Computers/viewCart.asp?userID=2893225125722634';exec%20master..xp_cmdshell%20'dir%20c:%20>%20c:\inetpub\wwwroot\dirc.txt'--&viewID=48
The following proof of concept has been provided:
http://www.example.com/Carts/Computers/viewCart.asp?userID=2893225125722634';exec%20master..xp_cmdshell%20'dir%20c:%20>%20c:\inetpub\wwwroot\dirc.txt'--&viewID=48
Solution / Fix
SpiderSales Shopping Cart Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SpiderSales Shopping Cart Multiple Vulnerabilities
References:
References:
- Homepage (SpiderSales)
- Spider Sales shopping cart software multiple security vulnerabilities (S-Quadra Security Research