ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection: Posted Nov 19, 2010; Authored by Ariko-Security; ViArt SHOP version 4.0.5 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 1337e98c02ad0b166da6fb21b4fbcdbc7cb096ce66b35f262001044b2fec92ea; Download | Favorite | View

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

# Title: [ViArt SHOP multiple vulnerabilities]
# Date: [18.11.2010]
# Author: [Ariko-Security]
# Software Link: [https://www.viart.com]
# Version: [4.0.5]
 
 
============ { Ariko-Security - Advisory #2/11/2010 } =============
 
ViArt SHOP multiple vulnerabilities
 
Vendor's Description of Software and demo:
# https://demo-shop.viart.com/ & https://www.viart.com
 
Dork:
# N/A
 
Application Info:
# ViArt SHOP
# version last 4.0.5
 
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections , redirector abuse.
 
Time Table:
# 10/11/2010 - Vendor notified.
# 18/11/2010 - Vendor released fix (partial)
 
Fix:
# https://www.viart.com/update_logic_to_increase_site_security_and_fix_xss-compatibility_issues.html
 
SQL injections:
 
Input passed via the "rnd" parameter to products_search.php is not properly
sanitised before being used in a SQL query.
Input passed via the "filter" parameter to products.php is not properly
sanitised before being used in a SQL query.
 
XSS, iFrame Injections, Link injections:
 
 
Input passed to the "search_category_id" and "category_id" parameters in ads.php is not properly
sanitised before being returned to the user.
 
Input passed to the "category_id" parameter in article.php and articles.php is not properly
sanitised before being returned to the user.
 
Input passed to the "rp" parameter in basket.php and product_details.php is not properly
sanitised before being returned to the user.
 
Input passed to the "postal_code" parameter in shipping_calculator.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_fds" , "s_tit" ,"s_cod" parameters in search.php is not properly
sanitised before being returned to the user.
 
Input passed to the "s_sds" parameter in ads_search.php is not properly
sanitised before being returned to the user.
 
URL redirector ABUSE:
 
user_profile.php vulnerable parameter "return_page"
 
 
Solution:
# Input validation of all vulnerable parameters should be corrected.
 
Credit:
# Discoverd By: Ariko-Security 2010
Advisory:
# https://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html

Top Authors In Last 30 Days

Red Hat 215 files
indoushka 165 files
Jay Turla 150 files
Ubuntu 74 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

Share This

ViArt SHOP 4.0.5 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems