ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection: Posted Nov 19, 2010; Authored by Ariko-Security; ViArt SHOP version 4.0.5 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 1337e98c02ad0b166da6fb21b4fbcdbc7cb096ce66b35f262001044b2fec92ea; Download | Favorite | View

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

# Title: [ViArt SHOP multiple vulnerabilities]
# Date: [18.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.viart.com]
# Version: [4.0.5]
 
 
============ { Ariko-Security - Advisory #2/11/2010 } =============
 
ViArt SHOP multiple vulnerabilities
 
Vendor's Description of Software and demo:
# http://demo-shop.viart.com/ & http://www.viart.com
 
Dork:
# N/A
 
Application Info:
# ViArt SHOP
# version last 4.0.5
 
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections , redirector abuse.
 
Time Table:
# 10/11/2010 - Vendor notified.
# 18/11/2010 - Vendor released fix (partial)
 
Fix:
# http://www.viart.com/update_logic_to_increase_site_security_and_fix_xss-compatibility_issues.html
 
SQL injections:
 
Input passed via the "rnd" parameter to products_search.php is not properly
sanitised before being used in a SQL query.
Input passed via the "filter" parameter to products.php is not properly
sanitised before being used in a SQL query.
 
XSS, iFrame Injections, Link injections:
 
 
Input passed to the "search_category_id" and "category_id" parameters in ads.php is not properly
sanitised before being returned to the user.
 
Input passed to the "category_id" parameter in article.php and articles.php is not properly
sanitised before being returned to the user.
 
Input passed to the "rp" parameter in basket.php and product_details.php is not properly
sanitised before being returned to the user.
 
Input passed to the "postal_code" parameter in shipping_calculator.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_fds" , "s_tit" ,"s_cod" parameters in search.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_sds" parameter in ads_search.php is not properly
sanitised before being returned to the user.
 
URL redirector ABUSE:
 
user_profile.php vulnerable parameter "return_page"
 
 
Solution:
# Input validation of all vulnerable parameters should be corrected.
 
Credit:
# Discoverd By: Ariko-Security 2010
Advisory:
# http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html

Top Authors In Last 30 Days

Red Hat 200 files
Ubuntu 105 files
indoushka 31 files
Debian 23 files
CraCkEr 15 files
Gentoo 14 files
Google Security Research 12 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,758)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,866)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,370)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,652)
UNIX (9,246)
UnixWare (186)
Windows (6,557)
Other

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

Share This

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems