by r0t, der4444, cembo, VietMafia

Wednesday, December 14, 2005

QuickPayPro™ 3.1 Multiple vuln.

Vuln. discovered by: r0t
Date: 14 Dec. 2005
Affected version: 3.1 and prior

Product Description (vendor's own text): QuickPayPro has been online for over 3 years now, and the tools we provide you have been refined over the last 4 & 1/2 years! We're a member of the Better Business Bureau and the BBBOnline Reliability Program.
We've spent over $400,000 in development and it has successfully processed nearly $9,000,000 in live sales! It's been refined by over 5,000 users and manages over 90,000 Affiliates & 2.5 Million Subscribers. And the entire system is tested daily by Hacker Safe. Needless to say: QuickPayPro is a well-oiled machine.

1. SQL inj. vuln.

QuickPayPro™ contains a flaw that allows remote SQL injection attacks. Input passed to the "popupid", "so", "sb", "nr", "subtrackingid", "delete", "trackingid" and "customerid" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, since a quote character in the parameter value terminates the intended string literal and whatever follows is parsed as SQL.
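The following is an added example, not code from QuickPayPro or from this advisory. It reconstructs the pattern the advisory describes (a request parameter concatenated straight into a query) next to the parameterised form that fixes it, and includes the single-quote probe a tester uses to tell the two apart. The table name, column names, sample rows and the use of SQLite are assumptions made for the example; the page says nothing about the real schema or database engine.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's database.

    The table, columns and rows are assumptions for this example; the page
    does not describe the real QuickPayPro schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (trackingid TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO subscribers VALUES (?, ?)",
        [("trk-1", "one@example.com"), ("trk-2", "two@example.com"),
         ("trk-3", "three@example.com")],
    )
    conn.commit()
    return conn


def find_vulnerable(conn, trackingid):
    """The pattern the advisory describes: the request parameter is spliced
    straight into the query text, so quote characters in it become SQL."""
    sql = ("SELECT trackingid, email FROM subscribers "
           "WHERE trackingid = '" + trackingid + "'")
    return conn.execute(sql).fetchall()


def find_safe(conn, trackingid):
    """Parameterised query: the driver binds the value separately from the
    statement, so it is never parsed as SQL whatever it contains."""
    sql = "SELECT trackingid, email FROM subscribers WHERE trackingid = ?"
    return conn.execute(sql, (trackingid,)).fetchall()


def quote_probe_errors(conn, lookup):
    """Cheap check for an unsanitised string parameter: a lone quote breaks the
    statement syntax only when the value is concatenated into it."""
    try:
        lookup(conn, "'")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_vulnerable(db, payload))   # every row comes back
    print("safe:      ", find_safe(db, payload))         # no row matches
    print("quote probe (vulnerable):", quote_probe_errors(db, find_vulnerable))
    print("quote probe (safe):      ", quote_probe_errors(db, find_safe))
```

The `quote_probe_errors` check is the same test a practitioner would run against each parameter the advisory lists: send a single quote and see whether the application errors out, which it only does when the value reaches the query as raw text.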

2. XSS attack vuln.

QuickPayPro™ contains a flaw that allows remote cross-site scripting attacks. This flaw exists because input passed to multiple field parameters of scripts such as "/communication/subscribers.tracking.add.php", "/support/tickets.add.php" and "/mycompany/categories.php" isn't properly sanitised before being returned to the user.
This could allow an attacker to create a specially crafted URL that would execute arbitrary script in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
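The following is an added example, not code from QuickPayPro or from this advisory. It models the reflection the advisory describes: a form field value taken from the query string of a crafted URL is written back into the page unchanged, beside the same form with the value HTML-encoded. The field name `name`, the hostname and the exact HTML are assumptions for the example; the advisory names the scripts but not the individual field parameters.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit


def params_from_url(url):
    """Parse the query string the way the server-side script would see it."""
    return parse_qs(urlsplit(url).query)


def render_vulnerable(params):
    """The pattern the advisory describes: a submitted field value is echoed
    back into the form unchanged, so markup in it becomes part of the page."""
    name = params.get("name", [""])[0]
    return '<input type="text" name="name" value="' + name + '">'


def render_safe(params):
    """Same form, but the value is HTML-encoded (quotes included) before it is
    placed inside an attribute, so the browser only ever sees text."""
    name = params.get("name", [""])[0]
    return ('<input type="text" name="name" value="'
            + html.escape(name, quote=True) + '">')


def crafted_url(base, payload):
    """Build the kind of URL the advisory warns about: the payload is
    URL-encoded so it survives transport and is decoded by the script."""
    return base + "?" + urlencode({"name": payload})


def reflected_unescaped(page, payload):
    """Scanner-style check: the raw payload appearing verbatim in the response
    means the field is reflected without encoding."""
    return payload in page


if __name__ == "__main__":
    # Hostname is made up for the example; the script path is from the advisory.
    base = "http://quickpaypro.example/communication/subscribers.tracking.add.php"
    payload = '"><script>alert(1)</script>'
    p = params_from_url(crafted_url(base, payload))
    print("vulnerable:", render_vulnerable(p))
    print("safe:      ", render_safe(p))
```

The encoded form turns `"` into `&quot;` and the angle brackets into `&lt;`/`&gt;`, so the attribute is closed only where the template closes it; the unencoded form lets the first `"` close the attribute and the rest of the payload becomes live markup.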

Solution: Edit the source code to ensure that input is properly sanitised: validate each parameter against the type and format the script expects, pass values into SQL through parameterised queries rather than string concatenation, and HTML-encode any user-supplied value before returning it in a page.



Copyright (c) 2006 Pridels Sec Crew