ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection: Posted Nov 19, 2010; Authored by Ariko-Security; ViArt SHOP version 4.0.5 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 1337e98c02ad0b166da6fb21b4fbcdbc7cb096ce66b35f262001044b2fec92ea; Download | Favorite | View

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

# Title: [ViArt SHOP multiple vulnerabilities]
# Date: [18.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.viart.com]
# Version: [4.0.5]
 
 
============ { Ariko-Security - Advisory #2/11/2010 } =============
 
ViArt SHOP multiple vulnerabilities
 
Vendor's Description of Software and demo:
# http://demo-shop.viart.com/ & http://www.viart.com
 
Dork:
# N/A
 
Application Info:
# ViArt SHOP
# version last 4.0.5
 
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections , redirector abuse.
 
Time Table:
# 10/11/2010 - Vendor notified.
# 18/11/2010 - Vendor released fix (partial)
 
Fix:
# http://www.viart.com/update_logic_to_increase_site_security_and_fix_xss-compatibility_issues.html
 
SQL injections:
 
Input passed via the "rnd" parameter to products_search.php is not properly
sanitised before being used in a SQL query.
Input passed via the "filter" parameter to products.php is not properly
sanitised before being used in a SQL query.
 
XSS, iFrame Injections, Link injections:
 
 
Input passed to the "search_category_id" and "category_id" parameters in ads.php is not properly
sanitised before being returned to the user.
 
Input passed to the "category_id" parameter in article.php and articles.php is not properly
sanitised before being returned to the user.
 
Input passed to the "rp" parameter in basket.php and product_details.php is not properly
sanitised before being returned to the user.
 
Input passed to the "postal_code" parameter in shipping_calculator.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_fds" , "s_tit" ,"s_cod" parameters in search.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_sds" parameter in ads_search.php is not properly
sanitised before being returned to the user.
 
URL redirector ABUSE:
 
user_profile.php vulnerable parameter "return_page"
 
 
Solution:
# Input validation of all vulnerable parameters should be corrected.
 
Credit:
# Discoverd By: Ariko-Security 2010
Advisory:
# http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 85 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

Share This

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems