From: "S-Quadra Security Research"
To: "bugtraq" ; "full-disclosure"
Subject: CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities
Date: Wednesday, March 31, 2004 9:54 PM

S-Quadra Advisory #2004-03-31

Topic: CactuSoft CactuShop v5.x shopping cart software multiple security
vulnerabilities
Severity: High
Vendor URL: http://www.cactushop.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt
Release date: 31 Mar 2004

1. DESCRIPTION

CactuShop is an ASP application for running an e-commerce web site. It
incorporates a databased catalogue system, front end pages for product
navigation, back end pages for updating product details and robust
basket code for memorizing product selections as a visitor moves around
the web site. ASP software is designed to run on a Microsoft NT or Win
2000 server and to use MS Access, MS SQL Server or MySQL as a backend.
Please visit http://www.cactushop.com for information about CactuShop
shopping cart.

2. DETAILS

-- Vulnerability 1: SQL Injection vulnerability

An SQL Injection vulnerability has been found in following scripts :
'mailorder.asp' and 'payonline.asp'. User supplied input parameter is
'strItems' not filtered before being used in an SQL query. Thus the
query modification through malformed input is possible.

Successful exploitation of this vulnerability can enable an attacker
to execute commands in the system (via MS SQL xp_cmdshell function).

-- Vulnerability 2: Cross Site Scripting vulnerability found in
'largeimage.asp'script

By injecting specially crafted javascript code in url and tricking a
user to visit it a remote attacker can steal user session id and gain
access to user's personal data.

--PoC code

--Vulnerability 1:

Platform: MS SQL Server as a backend

Posting this data to 'payonline.asp' executes 'dir c:' command

strAgain=yes&CD_EmailAddress=dummy@someemailservice.com&CD_Password=&
CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&
CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&
numCurrencyID=1&numItemCount=2&strItems=214;+exec+master..xp_cmdshell+'dir+c:'--z165z&
strQuantities=6z2z&numShipMethod=1&btnProceed=Proceed

-- Vulnerability 2:

http://[target]/popuplargeimage.asp?strImageTag=

3. FIX INFORMATION

11 Mar 2004: S-Quadra alerted CactuSoft (CactuShop developers) on these
issues.
15 Mar 2004: CactuSoft response:

"1) SQL Injection

On payonline.asp and all mailorder pages the strItems field is now
parsed for single-quote (') characters before being used with database
queries. Single quotes are escaped (replaced with 2 single-quotes) to
ensure SQL Injection won't work.

2) Javascript Injection

The strImageTag field is parse for HTML tags characters (< and >) and
are removed from the string. This should ensure against

讓我們程式搜尋結果更加完美 如果您覺得該文件有幫助到您，煩請按下我 如果您覺得該文件是一個一無是處的文件，也煩請按下我

該文件您看起來是亂碼嗎？您可以切換編碼方式試試看！ISO-8859-1 | latin1 | euc-kr | euc-jp | CP936 | CP950 | UTF-8 | GB2312 | BIG5 | 本文件可能涉及色情、暴力，按我申請移除該文件 網址長？按我產生分享用短址

©2026 JSEMTS

https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=2935926 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=1892089 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=3556586 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=5707193 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=6121690 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=2577853 [教學] 停用WINDOWS更新方式bing[前往][前往][前往]Gameremag.huaerolead[前往][教學] 好用的雷鳥搜尋套件(Expression Search - NG)ycccoyesharristvbshb9lc[前往][前往]zenzhoultd[前往]mna.gpwbDnaxcat[教學] 好用的遠端連線工具RDCMAN[前往]bosefrankknowjasperpedia[教學] 基於 Cheat Engine DBVM 的低層級記憶體存取技術分析[前往][前往][前往]amazonAcdccollege[前往][前往]Twittersunping-lifekadokawa[前往]myfoneshoplineapp[前往]wj10001gomajiBufferMattersLin16888[前往]tripod-techshuuemuraBhmtsff[教學] TCP 445 Port問題解決[前往][前往][前往][教學] Microsoft Office Starter 2010 文書處理軟體免費下載Alphanpac-weiwuying結瑞伺服器結瑞伺服器livenation[前往]uggWhy3s[前往][教學] WEBCLM.OCX(OCX迷你應用程式嵌入式網站伺服器)szw0Gm6699Abcvote[前往][前往][前往]vip.udn[前往]japan-lke[前往]Yxwst58Xlsq17ckdtaiwan[前往][前往]clarinsheheshangwuivendorFirewar888esg.tsmc[前往]puma[教學] 瀏覽器書籤簡易密碼產生器edominiumYinyue7maostudio2010[前往]InfogramDoraforumsitesearch.openfindeosascbesuty99[前往][前往][前往]wkcpgshop[前往]showbascotch[分享] HTML5登入頁面展示[前往][教學] 限制遠端桌面(RDP)只能允許台灣IP連線Tenda-team[前往][教學] 模擬器、ROMSskillshop.exceedlms03shuoacmehldwordpress[前往]Rube3050wwunion[前往][前往][前往][教學] 電腦病毒收集(1997~2023)Anzforum短網址產生器17-richbeauty[前往][前往]OurSOGOiopenmall[資訊] 解決CHROME無法正常使用銀行服務[前往][前往][前往]mojoin[前往][前往]Hkepc2345enyjznghantaskerlerbolariohttp://samsung.jplopsoft.idv.tw/?site=1[教學] 人類統計20218funfinet[前往][前往][前往]lioncrew.uni-lionscw[前往][教學] 極地戰嚎3作弊碼oracle[前往][前往]bbslsadidasBeloadersaptokyodisneyresortmrmadRav4-clubtruugdmediawikilaw.moj[前往]hefeiyechangLUrlwikimediafoundationwikisourceyep2story[前往]gztongcheng[前往]Cfbwz1000萬人都說有效的減肥方法減肥方法Luchanwwikibusinesspro[前往]yu-metal[前往]web.piapp[前往]Icnkreleganthome-decor[前往][前往][前往][前往]Yay.Booanimate-onlineshop[教學] EXpansion - Message Digest v2(ex_md2)[前往]newbalancetwinhead[教學] 專案開發模式(單一工程師與多工程師分工差異)crusalislenovo[前往]XiuwushidaiLvzikuDayibin[資訊] 遠端桌面技術比較Rw2828[教學] 林襄暗網流出私密影片So0912businesstoday[前往]pitotechsenheyuan[前往]siconnetWin1meishijournal[資訊] 情侶必做清單的文化差異與價值觀比較：以台灣與日本網友為例[前往]Xinbiao-aiclartkaoji[教學] 寄件者政策框架SPFikea[前往][前往]TwstayfetnetLaba688[前往]2homeshybao[前往]hbhousing[前往]nfumcae.nfu[前往]http://karsten2024.softether.net/hk.investing[前往][前往]sun-exp[前往]tiPptPinkoiddm[前往]UlifeStyle[教學] 駭客來源網域清單jpmedhttp://samsung.jfa.com.tw/?site=1[前往]amy6622[前往]neocities[教學] Youtube影片下載方式歸檔星球Someekocpccopilot.microsofttdriTaikwu[教學] Microsoft EDGE 更改預設搜尋引擎mioISnespressoQuyushujuGroups GoogleJiaoyiKingofkingsexplorer[前往]arioGodaddySites[前往]globetapeticl[前往]Threadslzdsxxbvideo.fridayIdcpfyes.hkb[教學] IPScanmirrormediaweb999[前往][前往]142gamehkeverton[前往][前往]kungkuan.101net[教學] Windows Home User AccessPopDailydelluniqlo[前往]Site123giving.ucsdcyanidea[前往]Xmdd188[前往]MD5 DecodecnaXintangtc[前往]imarketing.iwant-in[前往][前往]neutrallo[前往]jcbbscndiodes[前往]theviko歸檔星球Pcnewshttp://fhi.jfa.com.tw/Rxyhzx[前往]pinkoi.zendeskchtd1-dm.online[前往][前往][前往]Mediumlandtop[前往]HamtalkAsia34.100.194.145yhmolitwitws[分享] 利用機器學習檢測網絡釣魚攻擊[前往]EasyStore[前往]parklanecht-ptlaihaoBc3tstravel.yamtcuSurface3DSeeuuor-estorejylawyerrollinggreens[前往]shop[前往]mujitwbsball.dils.tkuruciwansalesforcemyproteingjtaiwan[前往]awanzhou[前往][前往]dfd.video.nchu[前往]Chaforumsnw999161forum[前往][前往]Sexline998[前往]leftbank168[前往]cjjc.weblio[前往]Ninini573rmksh.phc[前往][前往]csr.auoyam[前往]fortunebreeders[前往][前往]Tktower[前往]hoihomesesoda[教學] 幽遊白書魔強統一戰-遊戲中唯一具跨軌影響力之特殊招式研究innovue.ltd[前往]Saycoo[前往]itqu[前往][前往]zombitnicpokreginaX7cq[前往]blogdomago[前往][前往][前往]Line.MEpixtastock[技術] 停用Windows10更新100年的方法accton[前往]aws.amazonyujincafe[前往]colatourcontrelchinatimes[前往]twline5BuyMeACoffeecustomsamlsing[前往]ec.elifemall[前往]ecosiacmuh.cmukreositekxb4uhxwltwOrangeonline[前往][教學] 中華電信Hinet數據機(光世代、小烏龜)登入帳號密碼[前往]XiaoshuoxiaKoitw[前往]profacepadlet.helpcp.ocam.livebytes-the-dustthinkwithgooglecatchplay[前往]teslaPlus28ibm[前往]Kater[前往]citedeanlife.blogTaaisclubkb.commonhealthGuanggu[前往][前往][前往][前往][前往]portwelltrioceancommonhealthHolkeeFotor[前往][前往]Kiss69lgJingdexian[資訊] 嘆氣會令幸福跑掉[前往][前往]hongkongdisneylandCrazys1010apothecary[前往]garminhonhaianime1(No Title)[前往]VEynyRa2diydata.tainan1moli[前往][前往]Yeeapps[前往]JJVKZhinanzhen[前往]bastilleposttechnicecartureyphs.ntpcthenorthfaceintertek-twnntpugift.colaz[前往]Ky58[前往]IT TOP Blog