CVE-2003-0560
Published 2003-08-18
CVE-2003-0560: SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
Priority: P339, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.17% (86.4th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| virtual_programming | vp-asp | — | — |
No detection rules found.
Exploit-DB
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
exploitdb·2003-07-10
---
source: https://www.securityfocus.com/bid/8159/info
It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine.
```perl
#!/usr/bin/perl
# PRIVATE***PRIVATE***PRIVATE***PRIVATE***PRIVATE***PRIVATE***PRIVATE
# 1ndonesian Security Team (1st)
# ==============================
# VP-ASP Shopping Cart - Exploit
# Discover by : TioEuy & AresU;
# Greetz to: syzwz (ta for da ipod), Bosen, sakitjiwa, muthafuka all
# [email protected]/austnet.org, #[email protected]
# http://bosen.net/releases/
use Socket;
$dodolbasik = "t
```
Exploit-DB
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)
exploitdb·2003-07-10
---
source: https://www.securityfocus.com/bid/8159/info
It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine.
```perl
#!/usr/bin/perl -w
$pamer = "
1ndonesian Security Team (1st)
tio-fux.pl, vpasp SQL Injection Proof of Concept
Exploit by : Bosen & TioEuy
Discover by : TioEuy, AresU
Greetz to : AresU, syzwz (ta for da ipod), TioEuy, sakitjiwa,
muthafuka all #hackers\@centrin.net.id/austnet.org
http://bosen.net/releases/
"; # shut up ! we're the best in our country :)
use LWP::UserAgent; # LWP Mode sorry im lazy :)
use
```
No writeups or analysis indexed.