Type packetstorm
Reporter tracewar
Modified 2006-01-29T00:00:00


                                            `tracewar( presents.. VP-ASP Getting owned.  
Vulnerable Software: VP-ASP Shopping Cart 5.50, OTHERS  
Impact: Manipulation of data(SQL Injection ATTACK)  
Credits: Mindy, SlickK, Crazycookie(Love you =D), sese  
Special thanks to Mudavyne for their song "HAPPY".  
While talking about SQL Injections and famous "SITE" systems  
using ASP, with a close friend of mine over the efnet network  
I told him I'll try to hack the VP-ASP Shopping Cart system  
5 Minutes later.. They got owned.  
After googeling for other VP-ASP advisories, I found some lame  
exploit with a bug that wont even work once so I release  
this pwnage to you guys.  
And now for the real sh1t:  
The Vulnerability exists in the shopaddtocart.asp file under  
the query "productid", evil url:  
Just google for some VP-ASP Shopping carts with the following technique:  
intitle:"VP-ASP Shopping cart"  
and feel free to verify my sh1t, I hope you guys enjoyed the ride.