"Eazy Cart" Multiple Security Issues

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053116 漏洞类型
发布时间 2006-10-15 更新时间 2006-10-15
CVE编号 CVE-2006-5247
CVE-2006-5246
CVE-2006-5245
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006100081
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-001 - Public Advisory

+-----------------------------------------------------------+
|            Eazy Cart Multiple Security Issues             |
+-----------------------------------------------------------+

PUBLISHED ON
  October 9th, 2006

PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001

PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

security AT mayhemiclabs DOT com
  GPG key: 0x56143F84

APPLICATION
  Eazy Cart
  http://www.eazycart.com/
  "Eazy Cart the easy to install shopping cart system"

AFFECTED VERSIONS
  All Verison

ISSUES
  Eazy Cart is vulnerable to authenication bypassing,
  data injection, and XSS attacks

1) Authenication bypass
	Eazy Cart does not check login credentials past the
	initial login screen of the administration menu.
	
	Example:
	An attacker can access all administrative functions
	without authentication by going to /admin/home/index.php.
	
	2) Data Injection
	Eazy Cart trusts user entered data implicitly, allowing
	an attacker to adjust prices and other values when
	ordering.
	
	Example: A user can craft a malicious URL to submit
	incorrect data to easycart.php telling it to add items
	to its cart for incorrect prices, including negative
	values.
	
	3) XSS
	Eazy Cart trusts user entered data implicitly, not
	sanatizing it for malicious code.
	
	Example: A user can craft a malicious URL to submit
	incorrect data to easycart.php feeding it malicious
	javascript
	
WORKAROUNDS
	None at this time

SOLUTIONS
	None at this time

REFERENCES
	None
	
TIMELINE
	October 3rd, 2006
		Vendor/Developer Notified
	October 8th, 2006
		Vendor/Developer notification returned.
	October 9th, 2006
		Public Release

ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN
aVJsxgezSujUz7MNkJQavJ8=
=Is2h
-----END PGP SIGNATURE-----