QuickPayPro™ 3.1 Multiple vuln.

Type securityvulns
Reporter Securityvulns
Modified 2005-12-14T00:00:00



Vulnerability discovered by: r0t
Date: 14 Dec 2005
Original advisory: http://pridels.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html
Vendor: http://quickpaypro.com/
Affected version: 3.1 and prior

Product Description:

QuickPayPro.com has been online for over 3 years now, and the tools we provide you have been refined over the last 4 & 1/2 years! We're a member of the Better Business Bureau and the BBBOnline Reliability Program. We've spent over $400,000 in development and have successfully processed nearly $9,000,000 in live sales! It's been refined by over 5,000 users and manages over 90,000 Affiliates & 2.5 Million Subscribers. And the entire system is tested daily by Hacker Safe. Needless to say: This QuickPayPro is a well-oiled machine.

  1. SQL injection vulnerability

QuickPayPro™ contains a flaw that allows remote SQL injection attacks. Input passed to the "popupid", "so", "sb", "nr", "subtrackingid", "delete", "trackingid" and "customerid" parameters is not properly sanitised before being used in a SQL query. A remote attacker can exploit this to manipulate the queries by injecting arbitrary SQL code; in the "so"/"sb" case the value lands in a sort clause (see the examples below), where parameter binding alone is not a fix and the accepted values have to be whitelisted.

  2. Cross-site scripting (XSS) vulnerability

QuickPayPro™ contains a flaw that allows remote cross-site scripting attacks. The flaw exists because input passed to multiple form field parameters in scripts such as "/communication/subscribers.tracking.add.php", "/support/tickets.add.php" and "/mycompany/categories.php" is not properly sanitised before being returned to the user. This allows an attacker to create a specially crafted URL that executes arbitrary script in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity (session cookies and any action the victim is permitted to perform are exposed to the injected script).
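The reflected-input pattern described above, reduced to a runnable demonstration. This is an added example written for this page, not QuickPayPro code: the form field name, the query strings and the markup template are constructed assumptions. It renders a submitted value back into an input element three ways (verbatim, with only < > & escaped, and with quotes escaped as well) and uses Python's own HTML parser to show what each rendering turns into. The middle case is the practitioner's caveat: escaping angle brackets stops a <script> tag, but a bare double quote still closes the attribute and lets the attacker add an event handler. (The same gap existed in PHP's htmlspecialchars() of that era, which needed ENT_QUOTES to escape single quotes too.)

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Assumed markup: a form that re-displays the submitted "name" field.
FORM = '<form method="post"><input type="text" name="name" value="%s"></form>'


def _submitted(query_string, field):
    return parse_qs(query_string, keep_blank_values=True).get(field, [""])[0]


def render_vulnerable(query_string):
    # Reflects the submitted value verbatim into an attribute: the bug pattern.
    return FORM % _submitted(query_string, "name")


def render_half_fixed(query_string):
    # Escapes < > & only. Stops '<script>', but a double quote still
    # terminates the attribute and starts a new one.
    return FORM % html.escape(_submitted(query_string, "name"), quote=False)


def render_fixed(query_string):
    # Escapes both quote characters as well, so the value stays one attribute.
    return FORM % html.escape(_submitted(query_string, "name"), quote=True)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Attribute values arrive already entity-decoded, as a browser sees them.
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    """Return [(tag, {attr: value}), ...] as an HTML parser sees the page."""
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


def script_tag_present(markup):
    return any(tag == "script" for tag, _ in parse_tags(markup))


def input_attrs(markup):
    return next(attrs for tag, attrs in parse_tags(markup) if tag == "input")


# Constructed payloads, URL-encoded the way they would arrive in a crafted link.
SCRIPT_PAYLOAD = '"><script>alert(1)</script>'
BREAKOUT_PAYLOAD = '" onfocus="alert(1)" autofocus="'
QS_SCRIPT = urlencode({"name": SCRIPT_PAYLOAD})
QS_BREAKOUT = urlencode({"name": BREAKOUT_PAYLOAD})

if __name__ == "__main__":
    for render in (render_vulnerable, render_half_fixed, render_fixed):
        print(render.__name__, sorted(input_attrs(render(QS_BREAKOUT))))
```

In the hardened rendering the input element keeps exactly its three intended attributes and the decoded value attribute equals the submitted string byte for byte, which is the property to check: the data is preserved, only its interpretation as markup is removed.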

Examples (SQL injection):

/communication/popups.edit.php?popupid=[SQL]

/communication/customer.tickets.view.php?so=[SQL]

/communication/customer.tickets.view.php?so=ASC&sb=[SQL]

/communication/customer.tickets.view.php?so=ASC&sb=Status&nr=[SQL]

/communication/subscribers.tracking.edit.php?subtrackingid=[SQL]

/tools/tracking.details.php?trackingid=1[SQL]

/mycompany/sales.view.php?customerid=1[SQL]
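The two injection shapes in the list above, reproduced against an in-memory SQLite database so the effect can be observed directly. This is an added example written for this page, not QuickPayPro code: the table layout, column names and the reading of "sb" as the sort column and "so" as the sort direction are assumptions. The customerid case shows a numeric WHERE clause turned into a UNION that reads another table, and the fix (type coercion plus a bound parameter). The so/sb case shows why that fix is not enough for ORDER BY: column names and directions cannot be bound, an injected expression there leaks data one comparison at a time through the row order, and the only sound fix is an allowlist.

```python
import sqlite3

# Constructed stand-in schema; the real QuickPayPro tables are not known.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE tickets (id INTEGER PRIMARY KEY, customerid INTEGER,
                              status TEXT, subject TEXT);
        INSERT INTO tickets VALUES (1, 10, 'Open',   'Refund');
        INSERT INTO tickets VALUES (2, 11, 'Closed', 'Login issue');
        INSERT INTO tickets VALUES (3, 10, 'Open',   'Billing');
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pwhash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'deadbeef');
    """)
    return con


SELECT_TICKETS = "SELECT id, customerid, status, subject FROM tickets"


# --- sales.view.php?customerid=1[SQL]: value spliced into a WHERE clause ---

def sales_view_vulnerable(con, customerid):
    # Raw string concatenation, the pattern the advisory describes.
    sql = SELECT_TICKETS + " WHERE customerid = " + customerid
    return con.execute(sql).fetchall()


def sales_view_fixed(con, customerid):
    # Coerce to the expected type, then bind; int() rejects "0 UNION ...".
    cid = int(customerid)
    return con.execute(SELECT_TICKETS + " WHERE customerid = ?", (cid,)).fetchall()


# --- customer.tickets.view.php?so=ASC&sb=[SQL]: ORDER BY column/direction ---
# Assumed meaning of the parameter names: sb = sort by, so = sort order.

def tickets_view_vulnerable(con, sb, so):
    sql = SELECT_TICKETS + " ORDER BY " + sb + " " + so
    return [row[0] for row in con.execute(sql)]


# Identifiers cannot be bound as parameters, so the fix is an allowlist that
# maps the accepted request values onto fixed SQL fragments.
SORT_COLUMNS = {"Id": "id", "Status": "status", "Subject": "subject"}
SORT_DIRECTIONS = {"ASC", "DESC"}


def tickets_view_fixed(con, sb, so):
    if sb not in SORT_COLUMNS or so not in SORT_DIRECTIONS:
        raise ValueError("rejected sort parameter")
    sql = SELECT_TICKETS + " ORDER BY " + SORT_COLUMNS[sb] + " " + so
    return [row[0] for row in con.execute(sql)]


# Constructed payloads.
UNION_PAYLOAD = "0 UNION SELECT id, 0, login, pwhash FROM users"


def blind_payload(prefix):
    # ORDER BY expression whose result depends on a guess about admin's hash:
    # rows come back ordered by id when the guess is right, by subject when wrong.
    return ("(CASE WHEN (SELECT pwhash FROM users WHERE login = 'admin') "
            "LIKE '%s%%' THEN id ELSE subject END)" % prefix)


def rejected(fn, *args):
    # True when the hardened function refuses the input.
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    con = make_db()
    print(sales_view_vulnerable(con, UNION_PAYLOAD))
    print(tickets_view_vulnerable(con, blind_payload("d"), "ASC"))
    print(tickets_view_vulnerable(con, blind_payload("x"), "ASC"))
```

The allowlist keys are the values the application itself puts into its links (the advisory shows sb=Status), so legitimate requests keep working while anything else is refused before it reaches the database.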

Solution: Edit the source code to ensure that input is properly sanitised. For the SQL injection issues, cast numeric identifiers to integers and pass values to the database through bound parameters; for the sort parameters ("so", "sb"), which end up in an ORDER BY clause and cannot be bound, accept only values from a fixed list. For the cross-site scripting issues, HTML-encode every reflected value (including quote characters) before it is written into the page.