by r0t,der4444,cembo,VietMafia

Saturday, December 03, 2005

ASPS Shopping Cart Professional and Lite XSS vuln

Vuln. discovered by: r0t
Date: 3 Dec. 2005
affected version:
ASPS Shopping Cart Professional 2.9d and prior
ASPS Shopping Cart Lite V2.1 and prior

Product Description:
Developed using ASP/VB scripting; full source code supplied without encryption; complete CMS; helpdesk to log enquiries; unlimited number of categories/subcategories, products and currencies; Innovative Studio online browser; no DLLs to install; supports Access 2000 or above (SQL Server v7+ will be available by 30th April; if you require this urgently please email us, as we can sell you our current version which is close to release); easy to alter language files and template design; supports most SSL certificates (please let us know if your certificate is not supported, as we aim to support as many as we can); credit card details encrypted for added security; multiple super administrators and standard administrators; reward your clients with sale points which can be used for purchasing; invoice your clients using your shopping cart with payment methods including recurring payments (great for hosting invoices); create promotional discount coupons for clients. Optional: add Web Wiz Forum to cart.

Vuln. Description:
Input passed to the "srch_product_name" parameter in "adv_search.asp" and "b_search" parameter in "bsearch.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised (HTML-encode the reflected parameter values before writing them into the page).
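An added example, not part of the advisory or the vendor's code: a small check that scans W3C-format IIS log lines for requests to the two affected pages whose reflected parameter carries HTML markup, which is what a site owner would want to run while waiting for the fixed version. The log lines are constructed samples, and the field order assumed is date, time, c-ip, cs-method, cs-uri-stem, cs-uri-query, sc-status.

```python
from urllib.parse import parse_qs, unquote_plus

# Endpoint -> parameter the advisory names as reflected without sanitisation.
AFFECTED = {
    "/adv_search.asp": "srch_product_name",
    "/bsearch.asp": "b_search",
}

# Markup that has no business in a plain product-name search string.
MARKUP_MARKERS = ("<", ">", "javascript:")

def parse_w3c_line(line):
    """Split a W3C-style IIS line (assumed field order: date time c-ip
    cs-method cs-uri-stem cs-uri-query sc-status). Returns None for
    directive/comment lines and lines that are too short."""
    if line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 7:
        return None
    return {"ip": fields[2], "stem": fields[4], "query": fields[5]}

def suspicious_requests(log_lines):
    """Return (client ip, stem, parameter, decoded value) for requests that hit
    an affected endpoint with markup in the reflected parameter."""
    hits = []
    for line in log_lines:
        rec = parse_w3c_line(line)
        if rec is None or rec["stem"].lower() not in AFFECTED:
            continue
        param = AFFECTED[rec["stem"].lower()]
        query = "" if rec["query"] == "-" else rec["query"]  # IIS logs "-" for no query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            # parse_qs already decoded once; a second pass catches double-encoded input
            decoded = unquote_plus(value).lower()
            if any(marker in decoded for marker in MARKUP_MARKERS):
                hits.append((rec["ip"], rec["stem"], param, decoded))
    return hits

# Constructed sample lines (not real traffic); the third one is double-encoded.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2005-12-03 10:15:22 203.0.113.5 GET /adv_search.asp srch_product_name=blue+widget 200",
    "2005-12-03 10:15:40 203.0.113.9 GET /adv_search.asp srch_product_name=%3Cb%3Ewidget%3C%2Fb%3E 200",
    "2005-12-03 10:16:02 203.0.113.9 GET /bsearch.asp b_search=%253Cb%253Etest%253C%252Fb%253E 200",
    "2005-12-03 10:16:30 198.51.100.7 GET /default.asp - 200",
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("markup in reflected search parameter:", hit)
```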


Blogger Credit Center told...

Hey, you have a great blog here! I'm definitely going to bookmark you!

I have a credit cards for bad credit site/blog. It pretty much covers credit cards for bad credit related stuff.

Come and check it out if you get time :-)

7:03 PM

Anonymous Peter told...

I am site owner for asps shopping cart. It would have been good if you had emailed this issue to me.

Anyway the next version will have this fixed.


9:52 AM

Blogger answer-man told...

Enjoyed the subject matter on your blog. I have some super great shopping malls to share; please take a moment to see which one you like the best.
Be sure and take advantage of the great values available. Enjoy!

5:57 AM



Copyright (c) 2006 Pridels Sec Crew