Vulnerabilities > CVE-2003-0509 - SQL Injection vulnerability in CyberStrong EShop 20review.ASP

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cyberstrong
critical
nessus
exploit available

Summary

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.

Vulnerable Configurations

Part Description Count
Application
Cyberstrong
1

Exploit-Db

  • description: CyberStrong eShop 4.2 10expand.ASP SQL Injection Vulnerability. CVE-2003-0509. Webapps exploit for asp platform
    id: EDB-ID:25923
    last seen: 2016-02-03
    modified: 2005-06-30
    published: 2005-06-30
    reporter: [email protected]
    source: https://www.exploit-db.com/download/25923/
    title: CyberStrong eShop 4.2 10expand.ASP SQL Injection Vulnerability
  • description: CyberStrong EShop 4.2 20review.ASP SQL Injection Vulnerability. CVE-2003-0509. Webapps exploit for asp platform
    id: EDB-ID:25922
    last seen: 2016-02-03
    modified: 2005-06-30
    published: 2005-06-30
    reporter: [email protected]
    source: https://www.exploit-db.com/download/25922/
    title: CyberStrong EShop 4.2 20review.ASP SQL Injection Vulnerability

Nessus

NASL family: CGI abuses
NASL id: CYBERSTRONG_ESHOP_SQL.NASL
description: The remote host is running Cyberstrong eShop, a shopping cart written in ASP. The remote version of this software contains several input validation flaws leading to SQL injection vulnerabilities. An attacker may exploit these flaws to affect database queries, possibly resulting in disclosure of sensitive information (for example, the admin's user and password) and attacks against the underlying database.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19391
published: 2005-08-07
reporter: Copyright (C) 2005-2018 Josh Zlatin-Amishav
source: https://www.tenable.com/plugins/nessus/19391
title: Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
code
#
# This script was written by Josh Zlatin-Amishav <josh at tkos dot co dot il>
#
# This script is released under the GNU GPLv2
#
# Fixed by Tenable:
#   - added See also.
#   - Revised plugin title (12/23/2008)


include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is recorded and the block leaves through exit(0)
# before any request is sent.
if (description)
{
  # Identity and cross-references.
  script_id(19391);
  script_version("1.18");

  script_cve_id("CVE-2003-0509");
  script_bugtraq_id(14101, 14103, 14112);

  script_name(english:"Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection");

  # Report text shown to the analyst.
  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an ASP script that is affected by
multiple SQL injection flaws." );
  script_set_attribute(attribute:"description", value:
"The remote host is running Cyberstrong eShop, a shopping cart written
in ASP. 

The remote version of this software contains several input validation
flaws leading to SQL injection vulnerabilities.  An attacker may
exploit these flaws to affect database queries, possibly resulting in
disclosure of sensitive information (for example, the admin's user and
password) and attacks against the underlying database." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Jul/3" );
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );

  # Scoring.
  # NOTE(review): the base vector rates all three impacts as Partial
  # (C:P/I:P/A:P); confirm this is the score your reporting should carry.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # NOTE(review): RL:OF means "official fix" in CVSS v2, which does not match
  # the solution text above ("no known solution") - confirm which is right.
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Dates and plugin type.
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/07");
  script_set_attribute(attribute:"vuln_publication_date", value: "2003/06/30");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for a SQL injection in Cyberstrong eShop v4.2");

  # ACT_ATTACK: the check sends a malformed request to the target rather than
  # reading a banner, so it belongs in scans where active probing is allowed.
  script_category(ACT_ATTACK);

  script_family(english:"CGI abuses");
  script_copyright(english:"Copyright (C) 2005-2020 Josh Zlatin-Amishav");

  # Scheduling: depends on http_version.nasl, needs a web port and the www/ASP
  # key, and is skipped when the Settings/disable_cgi_scanning key is set.
  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("www/ASP");
  exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

# Select the web port to test; default:80 names the port used as the default.
# NOTE(review): embedded:TRUE presumably keeps embedded web servers in scope -
# confirm against http_func.inc.
port = get_http_port(default:80, embedded:TRUE);
# Leave quietly (exit code 0, nothing reported) if the port state check fails ...
if(!get_port_state(port))exit(0);
# ... or if can_host_asp() does not report ASP support on this port.
if(!can_host_asp(port:port)) exit(0);

# check() below reads `port` without taking it as an argument.
# NOTE(review): this declaration comes after the assignment above; confirm the
# interpreter treats it as a no-op for an already-assigned top-level variable.
global_var port;

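# Probe one candidate directory for the 20Review.asp ProductCode SQL injection.
#
# Args:
#   url - directory prefix under which 20Review.asp is requested.
#
# Sends a single GET with a lone quote as the ProductCode value and looks for
# two strings in the response body: the ODBC provider error banner and a
# fragment of the query ('ORDER BY TypeID'). Both must be present before the
# host is reported, which limits false positives from generic error pages.
#
# On a match the function reports the finding on the global `port`, records
# the www/<port>/SQLInjection KB item, and ends the script. With no match it
# returns so the caller can try the next directory.
#
# NOTE(review): the check depends on the application echoing database errors.
# A server that suppresses or customises error output will not match, so a
# clean result here is not proof that the parameter is handled safely.
function check(url)
{
  local_var req, res;

  req = http_get(item:url + "/20Review.asp?ProductCode='", port:port);
  res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);

  # Use isnull() rather than `== NULL`: the comparison form also matches an
  # empty body, which made one empty response abort the whole scan instead of
  # moving on to the remaining directories. A real transport failure (NULL)
  # still ends the script as before.
  if ( isnull(res) ) exit(0);

  if ( 'Microsoft OLE DB Provider for ODBC Drivers' >< res && 'ORDER BY TypeID' >< res )
  {
    security_hole(port);
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    exit(0);
  }
}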

# Run the probe once per directory returned by cgi_dirs(); check() ends the
# script itself on the first positive result.
foreach base ( cgi_dirs() )
  check(url:base);