Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> CactuShop XSS and SQL injection flaws


Vulnerability Assessment Details

CactuShop XSS and SQL injection flaws

Vulnerability Assessment Summary
Checks CactuShop flaws

Detailed Explanation for this Vulnerability Assessment

The remote host runs CactuShop, an e-commerce web application written in ASP.

The remote version of this software is vulnerable to cross-site scripting
due to a lack of sanitization of user-supplied data in the script
'popuplargeimage.asp'.

Successful exploitation of this issue may permit a possible hacker to execute
malicious script code on a vulnerable server.

This version may also be vulnerable to SQL injection attacks in
the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied
input parameter 'strItems' is not filtered before being used in
an SQL query. Thus the query modification through malformed input
is possible.

Successful exploitation of this vulnerability can enable a possible hacker
to execute commands in the system (via MS SQL the function xp_cmdshell).

Solution: Upgrade to the latest version of this software
Network Security Threat Level: High

Networks Security ID: 10019, 10020

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Maciejak

Cables, Connectors

ATTO Technology Celerity FC-81EN 8GB FIBRE1CH PCIE8 Lc Sfp Rohs
$1167.95
ATTO Technology Celerity FC-81EN 8GB FIBRE1CH PCIE8 Lc Sfp Rohs pictureJuniper SRX3K-SFB-12GE Switch Fabric Board w/ 8x10/100/1000 TX 4xGE SFP
$55.0
Juniper SRX3K-SFB-12GE Switch Fabric Board w/ 8x10/100/1000 TX  4xGE SFP pictureNew Cisco DS-SFP-FC8G-SW 8-Gbps Fibre Channel SFP+
$5.0
New Cisco DS-SFP-FC8G-SW 8-Gbps Fibre Channel SFP+ pictureAXIS COMMUNICATION INC 5801-801 SFP PLUGGABLE TRANS MODULE SNGL
$106.33
AXIS COMMUNICATION INC 5801-801 SFP PLUGGABLE TRANS MODULE SNGL picture


Discussions

No Discussions have been posted on this vulnerability.