Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

CactuShop XSS and SQL injection flaws Vulnerability Scan

Vulnerability Scan Summary
Checks CactuShop flaws

Detailed Explanation for this Vulnerability Test

The remote host runs CactuShop, an e-commerce web application written in ASP.

The remote version of this software is vulnerable to cross-site scripting
due to a lack of sanitization of user-supplied data in the script

Successful exploitation of this issue may allow a possible hacker to execute
malicious script code on a vulnerable server.

This version may also be vulnerable to SQL injection attacks in
the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied
input parameter 'strItems' is not filtered before being used in
an SQL query. Thus the query modification through malformed input
is possible.

Successful exploitation of this vulnerability can enable a possible hacker
to execute commands in the system (via MS SQL the function xp_cmdshell).

Solution: Upgrade to the latest version of this software
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.