|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> CactuShop XSS and SQL injection flaws Vulnerability Assessment Details
|
CactuShop XSS and SQL injection flaws |
||
Checks CactuShop flaws Detailed Explanation for this Vulnerability Assessment The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may permit a possible hacker to execute malicious script code on a vulnerable server. This version may also be vulnerable to SQL injection attacks in the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied input parameter 'strItems' is not filtered before being used in an SQL query. Thus the query modification through malformed input is possible. Successful exploitation of this vulnerability can enable a possible hacker to execute commands in the system (via MS SQL the function xp_cmdshell). Solution: Upgrade to the latest version of this software Network Security Threat Level: High Networks Security ID: 10019, 10020 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Maciejak |
||
Cables, Connectors |
Gaming PC RTX 3080 Zotac Gaming, AMD Ryzen 7 5800X 3.8 GHz 8- Core Processor
$850.00
FAST Dell TOUCHSCREEN 8th Gen Intel Quad Core 16GB RAM Pick SSD Wi-Fi BT Win11
$175.00
ALLEGIANCE Desktop Computer Gaming PC: Intel 8 Core 128GB RAM, 2TB SSD, GeForce
$687.99
8-Core Gaming Computer Desktop PC, 1TB SSD, 32GB RAM, RX 560 Fortnite, Minecraft
$299.98
Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ...
$689.99
Intel - Core i7-13700K 13th Gen 16 cores 8 P-cores + 8 E-cores 30M Cache, 3.4...
$489.99
Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc...
$619.99
Apple iMac Pro 2017 27 Inch 5K 3.2 GHz 8-Core Xeon 64GB RAM 1TB Vega
$1295.00
Intel NUC Core i7 8th Gen - Mini PC Kit BOXNUC8I7BEH1
$300.00
SONOMA Apple MacBook Pro 16" 5.0GHz i9 8 CORE - 5500M 8GB - 64GB RAM 1TB SSD
$1269.60
|
||
No Discussions have been posted on this vulnerability. |