JSEMTS搜尋引擎
 

From: "S-Quadra Security Research"
To: "bugtraq" ; "full-disclosure"
Subject: CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities
Date: Wednesday, March 31, 2004 9:54 PM

S-Quadra Advisory #2004-03-31

Topic: CactuSoft CactuShop v5.x shopping cart software multiple security
vulnerabilities
Severity: High
Vendor URL: http://www.cactushop.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt
Release date: 31 Mar 2004

1. DESCRIPTION

CactuShop is an ASP application for running an e-commerce web site. It
incorporates a databased catalogue system, front end pages for product
navigation, back end pages for updating product details and robust
basket code for memorizing product selections as a visitor moves around
the web site. ASP software is designed to run on a Microsoft NT or Win
2000 server and to use MS Access, MS SQL Server or MySQL as a backend.
Please visit http://www.cactushop.com for information about CactuShop
shopping cart.

2. DETAILS

-- Vulnerability 1: SQL Injection vulnerability

An SQL Injection vulnerability has been found in following scripts :
'mailorder.asp' and 'payonline.asp'. User supplied input parameter is
'strItems' not filtered before being used in an SQL query. Thus the
query modification through malformed input is possible.

Successful exploitation of this vulnerability can enable an attacker
to execute commands in the system (via MS SQL xp_cmdshell function).

-- Vulnerability 2: Cross Site Scripting vulnerability found in
'largeimage.asp'script

By injecting specially crafted javascript code in url and tricking a
user to visit it a remote attacker can steal user session id and gain
access to user's personal data.

--PoC code

--Vulnerability 1:

Platform: MS SQL Server as a backend

Posting this data to 'payonline.asp' executes 'dir c:' command

strAgain=yes&CD_EmailAddress=dummy@someemailservice.com&CD_Password=&
CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&
CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&
numCurrencyID=1&numItemCount=2&strItems=214;+exec+master..xp_cmdshell+'dir+c:'--z165z&
strQuantities=6z2z&numShipMethod=1&btnProceed=Proceed

-- Vulnerability 2:

http://[target]/popuplargeimage.asp?strImageTag=

3. FIX INFORMATION

11 Mar 2004: S-Quadra alerted CactuSoft (CactuShop developers) on these
issues.
15 Mar 2004: CactuSoft response:

"1) SQL Injection

On payonline.asp and all mailorder pages the strItems field is now
parsed for single-quote (') characters before being used with database
queries. Single quotes are escaped (replaced with 2 single-quotes) to
ensure SQL Injection won't work.

2) Javascript Injection

The strImageTag field is parse for HTML tags characters (< and >) and
are removed from the string. This should ensure against





搜尋引擎讓我們程式搜尋結果更加完美
  • 如果您覺得該文件有幫助到您,煩請按下我
  • 如果您覺得該文件是一個一無是處的文件,也煩請按下我
    • 搜尋引擎該文件您看起來是亂碼嗎?您可以切換編碼方式試試看!ISO-8859-1 | latin1 | euc-kr | euc-jp | CP936 | CP950 | UTF-8 | GB2312 | BIG5 |
    搜尋引擎本文件可能涉及色情、暴力,按我申請移除該文件
    搜尋引擎網址長?按我產生分享用短址

    ©2026 JSEMTS

    https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=1414930 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=9963107 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=5941840 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=4906683 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=4635416 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=2905815 isexsex[前往][教學] 駭客來源網域清單[前往]歸檔星球[前往]Ncku1897cw[分享] 安倍晉三槍擊真相8891coursesDayibin[前往]wisechipGMAP[前往][前往]ustvanime1.oneInfogramgeocities00webedimakor.hitpaw[前往]chtd1-dm.onlineplain-melifestyle-globalHiendy[前往][前往][前往]ksyunuggC2088appleOpencbc[前往]Gilineageyidtravelmoredigitalsmgchttp://archivestar.isgre.at/?site=1[前往]fujitsushowbaUlifeStyle[教學] IPZ影片來源連接[前往]Yay.Boo[分享] 女友月經來男生必做「7件暖事」[前往][前往]Cfbwz[前往]歸檔星球wiki.52pokeloccitane[前往]yphs.ntpc[前往]cadmenBuffer[分享] 使用Ping來確認網路速度Nzdaoartkaoji[前往]wwunionLuoxiaojiaoTeafishemshosttaiwanmobile肯特城天堂WeeblygtcmTumblrfintechspace[前往]itqu[前往]Wphl[前往]nealsyardremedies[前往][前往]5dk5[前往]1010hopepipewikixjj1[教學] Win7/Win8.1升級Win10Firstory[前往]kreosite79bo3Guzhen0552cnaMem168new[前往]2ndstreettw985colatour[前往]瑞銓藝術鍛造生產提供藝術鍛造門、鍛造欄杆、鍛造扶手、鍛造防盜窗、鍛造採光罩、鍛造信箱、鍛造門牌、鍛造飾屏、鍛造精品、鍛造門窗。[前往]slack[技術] Word 2007在Win 10出現記憶體不足問題解決[前往]Wudao28[資料] 愛情觀心理測驗amazonaiguajiLvziku[教學] 降血脂之生活對策[前往][前往]cpokwikibooksHolkeeadimargarettaskerpedia.cloudRav4-clubMega[前往][前往]qiaoxiaojundictionnaire.reversoarubanetworksfapcat[前往][前往]edhMmluna2szw0Fans17[前往]ana[前往]yomixsimbabloggadoresYwhhg[教學] Windows桌面右鍵沒反應一直轉圈(桌面滑鼠右鍵點不出來)[教學] 從「慈不掌兵,義不掌財」到IT專案管理:領導風格對專案失敗率之探討workerman.wacafilm-supply[前往][前往]whichavmojoinmediatek[前往][前往]easycard基督生命堂基督生命堂[前往]Monyirowiki.esut.tp[前往]official.meetbao[前往]minecraft.wikiCOLabSienta-clubaxiangdarkmlsearchCari[前往]snw999[前往]twsingmsithevestiAcdccollegewordpressAsusclaude.ai[前往][前往]tech.udnzenzhoultdSexline998LohastwChaforumStrikinglylazy-hour歸檔星球[前往][教學] 停用WINDOWS更新方式iskyhongkongdisneylandyxsensing[前往]bookletRisuHinet[前往]mookbus[前往]IdcpfyslbeautyhahababyselectwdasechotelcozzinewspringshopmpiBingFong[前往][前往]ivyhurrybuyOneDrive歸檔星球https://jplop.neocities.org/ptsplus.tvhttps://www.jplopsoft.idv.tw/neocities/poyabuy[前往][前往]netbridgetechhttp://jplop-ki9.softether.net/歸檔星球[前往]leoarc.waca[前往][前往]dfd.video.nchuaeroleadshophyphylenovo[教學] TCP Port 說明[前往]miestilojewelry[前往][教學] SEO[教學] 執行檔簽名方式olite.shoplineapp[前往][前往]boardmix[前往][前往]specialthankhttp://samsung.jplopsoft.idv.tw/?site=1Grok[前往]Bit[資料] Win圖示庫http://hawl-tc-s2k62.softether.net/[前往]rinnaifamily.rinnaichowsangsangheheshangwu[前往][前往]Hoptoibmeasyps[前往]tecomeosasc17playrgakgPopDaily[教學] 吸引力法則[前往]udnafnorgsscsr.auo[前往]c.obskyYanyikuline[前往]xyg688sunping-lifegjtaiwanzingala[前往]Wkbilibiliinnovue.ltdboseSteamhttp://as2024.myfw.us/?site=1nextapple[機密] 2023台灣北部女士官私密照[前往]Shopee[前往][前往][教學] 基於 Cheat Engine DBVM 的低層級記憶體存取技術分析sfworldwideproton.meadidashttp://googledrive.asuscomm.com/[前往][資訊] 詭異的電話號碼IT TOP Blog