Dec 14, 2005 - 12:00 a.m.

QuickPayPro™ 3.1 Multiple vuln.

vulners.com

Vuln. discovered by: r0t
Date: 14 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html
Vendor: http://quickpaypro.com/
Affected version: 3.1 and prior

Product Description:

QuickPayPro.com has been online for over 3 years now, and the tools we
provide you have been refined over the last 4 & 1/2 years! We're a
member of the Better Business Bureau and the BBBOnline Reliability
Program.
We've spent over $400,000 in development and have successfully
processed nearly $9,000,000 in live sales! It's been refined by over
5,000 users and manages over 90,000 Affiliates & 2.5 Million
Subscribers. And the entire system is tested daily by Hacker Safe.
Needless to say: This QuickPayPro is a well-oiled machine.

  1. SQL inj. vuln.

QuickPayPro™ contains a flaw that allows remote SQL injection
attacks. Input passed to the "popupid", "so", "sb", "nr",
"subtrackingid", "delete", "trackingid" and "customerid" parameters
isn't properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

  2. XSS attack vuln.

QuickPayPro™ contains a flaw that allows a remote cross-site scripting
attack. This flaw exists because input passed to multiple field
parameters in scripts such as "/communication/subscribers.tracking.add.php",
"/support/tickets.add.php" and "/mycompany/categories.php" isn't properly
sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

examples:
/communication/popups.edit.php?popupid=[SQL]
/communication/customer.tickets.view.php?so=[SQL]
/communication/customer.tickets.view.php?so=ASC&sb=[SQL]
/communication/customer.tickets.view.php?so=ASC&sb=Status&nr=[SQL]
/communication/subscribers.tracking.edit.php?subtrackingid=[SQL]
/settings/design.php?delete=[SQL]
/tools/tracking.details.php?trackingid=1[SQL]
/mycompany/sales.view.php?customerid=1[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
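As an added illustration of this solution (example code, not QuickPayPro's), the concatenation flaw from section 1 sits beside hardened handling of the two parameter kinds the advisory lists: bound values such as popupid, and the sort identifiers so and sb, which cannot be bound and need an allow-list; output encoding covers the reflected fields from section 2. Table and column names and the pdo_sqlite demonstration are assumptions.

```php
<?php
// Added example, not QuickPayPro's code. Table and column names, and the
// assumption that parameters arrive in $_GET-style arrays, are constructed.
declare(strict_types=1);
// Vulnerable pattern described in the advisory: the raw query-string value
// becomes part of the SQL text, so anything after the digits is executed.
function vulnerablePopupQuery(array $get): string {
    return 'SELECT * FROM popups WHERE popupid = ' . $get['popupid'];
}

// Hardened value parameter (popupid, subtrackingid, customerid, ...):
// validate as a positive integer, then bind it through a prepared statement.
function fetchPopup(PDO $db, array $get): ?array {
    $id = filter_var($get['popupid'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject malformed input instead of trying to repair it
    }
    $stmt = $db->prepare('SELECT popupid, title FROM popups WHERE popupid = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// "so" (sort order) and "sb" (sort column) are SQL identifiers, which a
// prepared statement cannot bind, so they are mapped through an allow-list.
const SORTABLE_COLUMNS = ['Status' => 'status', 'Created' => 'created_at'];

function buildTicketQuery(string $so, string $sb): string {
    $column = SORTABLE_COLUMNS[$sb] ?? 'created_at';
    $order  = strtoupper($so) === 'DESC' ? 'DESC' : 'ASC';
    return "SELECT ticketid, status, created_at FROM tickets ORDER BY {$column} {$order}";
}

// Reflected XSS fix: encode on output; the stored value itself is left intact.
function renderField(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Demonstration against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE popups (popupid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO popups VALUES (1, 'Welcome')");
var_dump(fetchPopup($db, ['popupid' => '1']));          // a valid id is looked up
var_dump(fetchPopup($db, ['popupid' => '1 OR 1=1']));   // rejected before any SQL runs
echo buildTicketQuery('ASC', 'Status'), "\n";
echo buildTicketQuery('asc', 'NotAColumn'), "\n";       // unknown column falls back
echo renderField('<b onclick="x()">name</b>'), "\n";
```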