QuickPayPro™ 3.1 Multiple vuln.
Vuln. discovered by: r0t
Date: 14 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html
Vendor: http://quickpaypro.com/
Affected version: 3.1 and prior
QuickPayPro.com has been online for over 3 years now, and the tools we provide you have been refined over the last 4 & 1/2 years! We're a member of the Better Business Bureau and the BBBOnline Reliability Program. We've spent over $400,000 in development and have successfully processed nearly $9,000,000 in live sales! It's been refined by over 5,000 users and manages over 90,000 Affiliates & 2.5 Million Subscribers. And the entire system is tested daily by Hacker Safe. Needless to say: This QuickPayPro is a well-oiled machine.
QuickPayPro™ contains a flaw that allows remote SQL injection attacks. Input passed to the "popupid", "so", "sb", "nr", "subtrackingid", "delete", "trackingid" and "customerid" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
QuickPayPro™ contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to multiple field parameters, for example in "/communication/subscribers.tracking.add.php", "/support/tickets.add.php" and "/mycompany/categories.php", isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Examples:
/communication/popups.edit.php?popupid=[SQL]
Solution: Edit the source code to ensure that input is properly sanitised.
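One way to apply this fix, shown as an added example that is not QuickPayPro source code and not part of the original advisory: numeric parameters such as "popupid" are validated as integers and bound to a prepared statement, sort parameters go through an allowlist, and output is HTML-encoded. The table and column names, the helper functions, and the reading of "sb"/"so" as sort column and sort direction are assumptions.

```php
<?php
// Hypothetical sketch: schema and helper names are constructed, not the vendor's.

// Numeric ids (popupid, trackingid, customerid, ...): accept positive integers only.
function requireId(array $in, string $key): int {
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $v;
}

// Identifiers in ORDER BY cannot be bound, so only allowlisted values reach the SQL.
// Assumption: "sb" selects a sort column and "so" a sort direction.
function orderBy(array $in): string {
    $columns = ['name' => 'name', 'created' => 'created_at'];
    $sb = is_string($in['sb'] ?? null) ? $in['sb'] : '';
    $so = is_string($in['so'] ?? null) ? strtoupper($in['so']) : '';
    return ($columns[$sb] ?? 'name') . ' ' . ($so === 'DESC' ? 'DESC' : 'ASC');
}

function findPopup(PDO $db, array $in): ?array {
    $stmt = $db->prepare('SELECT id, name FROM popups WHERE id = :id');
    $stmt->execute([':id' => requireId($in, 'popupid')]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function listPopups(PDO $db, array $in): array {
    $sql = 'SELECT id, name FROM popups ORDER BY ' . orderBy($in);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Encode on output so stored or reflected markup is rendered as text.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE popups (id INTEGER PRIMARY KEY, name TEXT, created_at TEXT)');
$db->exec("INSERT INTO popups (name, created_at) VALUES ('<b>Sale</b>', '2005-12-01')");

echo h(findPopup($db, ['popupid' => '1'])['name']), "\n";
echo count(listPopups($db, ['sb' => 'unlisted_column', 'so' => 'desc'])), " row(s)\n";
try {
    findPopup($db, ['popupid' => '1 abc']); // constructed non-numeric input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```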