SECURITYVULNS:DOC:10501
Dec 04, 2005 - 12:00 a.m.

ASPS Shopping Cart Professional and Lite XSS vuln

Vuln. discovered by: r0t
Date: 3 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/asps-shopping-cart-professional-and.html
Vendor: http://www.aspsolutions.com.au/
Affected version:
ASPS Shopping Cart Professional 2.9d and prior
ASPS Shopping Cart Lite V2.1 and prior

Product Description:
Developed using asp/vb scripting – full source code supplied without encryption, complete cms, helpdesk to log enquiries, Unlimited number of categories/subcategories, products and currencies, Innovative Studio online browser, No dll's to install, Supports access 2000 or above (sql server v7+ will be available by 30th April - If you require this urgently please email us as we can sell you our current version which is close for release), Easy to alter language files and template design, Supports most ssl certificates (please let us know if your certificate is not supported as we aim to support as many as we can), Credit card details encrypted for added security, Multiple super administrators and standards administrators, Reward your clients sale points which can be used for purchasing, Invoice your clients using your shopping cart for a payment methods including recurring payments (great for hosting invoices), Create promotional discount coupons for clients. optional - add web wiz forum to cart

Vuln. Description:
Input passed to the "srch_product_name" parameter in "adv_search.asp" and "b_search" parameter in "bsearch.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Example:
/products/adv_search.asp?srch_product_name=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&srch_product_price1=&srch_product_price2=&srch_product_stocknumber=&srch_product_category=&advance_submit=Search

/products/bsearch.asp?b_search=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&x=12&y=7

Solution:
Edit the source code to ensure that input is properly sanitised.
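
Until the source is patched, requests matching the description above can be found in the web server logs. The following is an added example, not part of the original advisory or the vendor's code: it scans IIS W3C-format log text for the two affected pages and flags requests whose named parameter decodes to HTML markup. The log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Page -> parameter pairs named in the advisory.
AFFECTED = {"adv_search.asp": "srch_product_name", "bsearch.asp": "b_search"}
# Characters a product search term rarely needs but HTML injection does.
MARKUP = re.compile(r'[<>"]')

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-12-05 10:01:02 192.0.2.10 GET /products/adv_search.asp srch_product_name=widget&advance_submit=Search 200
2005-12-05 10:01:09 192.0.2.44 GET /products/bsearch.asp b_search=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&x=12&y=7 200
2005-12-05 10:02:30 192.0.2.44 GET /products/adv_search.asp srch_product_name=%253Cb%253Ex 200
2005-12-05 10:03:00 192.0.2.10 GET /products/view.asp id=%3Cb%3E 200
"""

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspect_requests(log_text):
    """Return (c-ip, page, parameter, decoded value) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        page = row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        param = AFFECTED.get(page)
        if param is None:
            continue  # not one of the two affected scripts
        query = row.get("cs-uri-query", "")
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)
            if name.lower() == param and MARKUP.search(value):
                hits.append((row.get("c-ip"), page, param, value))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```
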