EarlyImpact ProductCart Multiple Vulnerabilities

Vulnerability ID: 1107724  Vulnerability type: Unknown
Published: 2004-02-16  Updated: 2006-09-25
CVE ID: CVE-2004-2172  CNNVD-ID: CNNVD-200412-817
Platform: ASP  CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23702
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-817
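|Vulnerability details
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain passwords via a chosen-plaintext attack.
|Exploit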
source: http://www.securityfocus.com/bid/9669/info

EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software.

An attacker registers a new customer in the store. Let the value of the 'First
Name' field in the registration form be equal to
'1*2*3*4*5*6*7*8*9*10*', the value of the 'Last Name' field be equal
to '34567', the value of the 'Password' field be equal to '111' and the
value of the 'Postal Code' field be equal to '987654'.
|References

Source: XF
Name: productcart-keystream-obtain-information(15231)
Link: http://xforce.iss.net/xforce/xfdb/15231
Source: BID
Name: 9669
Link: http://www.securityfocus.com/bid/9669
Source: www.s-quadra.com
Link: http://www.s-quadra.com/advisories/Adv-20040216.txt
Source: BUGTRAQ
Name: 20040218 Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
Link: http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html
Source: BUGTRAQ
Name: 20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
Link: http://www.securityfocus.com/archive/1/354288
Source: OSVDB
Name: 3979
Link: http://www.osvdb.org/3979
Source: www.earlyimpact.com
Link: http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt
Source: SECTRACK
Name: 1009085
Link: http://securitytracker.com/alerts/2004/Feb/1009085.html
Source: SECUNIA
Name: 10898
Link: http://secunia.com/advisories/10898
Source: FULLDISC
Name: 20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
Link: http://archives.neohapsis.com/archives/full