pwned-vpasp.txt

2006-01-29T00:00:00
ID PACKETSTORM:43471
Type packetstorm
Reporter tracewar
Modified 2006-01-29T00:00:00

Description

                                        
                                            `tracewar(tracewar@gmail.com) presents.. VP-ASP Getting owned.  
  
****************************************************  
Vulnerable Software: VP-ASP Shopping Cart 5.50, OTHERS  
Impact: Manipulation of data (SQL Injection ATTACK)  
Credits: Mindy, SlickK, Crazycookie(Love you =D), sese  
Special thanks to Mudvayne for their song "HAPPY".  
****************************************************  
  
While talking about SQL Injections and famous "SITE" systems  
using ASP, with a close friend of mine over the efnet network  
I told him I'll try to hack the VP-ASP Shopping Cart system  
5 Minutes later.. They got owned.  
After googling for other VP-ASP advisories, I found some lame  
exploit with a bug that won't even work once, so I release  
this pwnage to you guys.  
  
And now for the real sh1t:  
The vulnerability exists in the shopaddtocart.asp file, in  
the "productid" query-string parameter. Evil URL:  
  
/shopaddtocart.asp?FeatureValue1=1&Feature1=7&FeatureValue2=1&Feature2=9&SM=1&Feature3=1&Feature4=55&Required=7%2C9%2C10%2C140&quantity=1&Order=Order&productid=1'  
  
Just google for some VP-ASP Shopping carts with the following technique:  
intitle:"VP-ASP Shopping cart"  
and feel free to verify my sh1t, I hope you guys enjoyed the ride.  
  
  
-tracewar  
`
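
A defender-side check for the flaw described above, as an added example that is not part of the original advisory: it scans IIS W3C-style access-log lines for requests to shopaddtocart.asp whose productid is not a plain integer. The log field order, the sample lines and the integer-only assumption for product IDs are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

TARGET = "/shopaddtocart.asp"   # page named in the advisory
PARAM = "productid"             # parameter named in the advisory
NUMERIC = re.compile(r"\d{1,10}")  # assumption: product IDs are plain integers

def suspicious_productid(path, query):
    """Return the decoded offending value, or None if the request looks normal."""
    if not path.lower().endswith(TARGET):
        return None
    # parse_qs percent-decodes values, so %27 and a raw quote are treated alike.
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key.lower() != PARAM:   # ASP parameter names are case-insensitive
            continue
        for value in values:
            if not NUMERIC.fullmatch(value):
                return value
    return None

def scan(log_lines):
    """Return [(client_ip, value)] for every flagged request."""
    hits = []
    for line in log_lines:
        if line.startswith("#"):
            continue
        # Constructed field order:
        # date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
        fields = line.split()
        if len(fields) < 7:
            continue
        query = "" if fields[5] == "-" else fields[5]
        bad = suspicious_productid(fields[4], query)
        if bad is not None:
            hits.append((fields[2], bad))
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2006-01-30 10:00:01 192.0.2.10 GET /shopaddtocart.asp quantity=1&productid=12 200",
    "2006-01-30 10:00:05 192.0.2.77 GET /shopaddtocart.asp quantity=1&Order=Order&productid=1' 500",
    "2006-01-30 10:00:09 192.0.2.77 GET /shop/shopaddtocart.asp ProductID=1%27 500",
    "2006-01-30 10:00:12 192.0.2.10 GET /shopdisplayproducts.asp id=3 200",
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric productid: {value!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the cart until the application itself validates productid and uses parameterized queries.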