Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

ProductCart Multiple Input Validation Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in ProductCart

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP script that is affected by
several flaws.

Description :

The remote host is running a version of the ProductCart shopping cart
software that suffers from several input validation vulnerabilities:

- SQL Injection Vulnerabilities
The 'advSearch_h.asp' script fails to sanitize user input to
the 'idCategory', and 'resultCnt' parameters, allowing an
attacker to manipulate SQL queries.

- Multiple Cross-Site Scripting Vulnerabilities
The application fails to sanitize user input via the
'redirectUrl' parameter of the 'NewCust.asp' script, the
'country' parameter of the 'storelocator_submit.asp' script,
the 'error' parameter of the 'techErr.asp' script, and the
'keyword' parameter of the 'advSearch_h.asp' script before
using it in dynamically generated web content. A possible hacker
can exploit these flaws to cause arbitrary HTML and script
code to be executed in a user's browser in the context of
the affected website.

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 5

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.