3.0Standard

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ecommerce-corporation-online

nessus

exploit available

NVD

Published: 2004-11-23

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Ecommerce_Corporation_Online Ecommerce Corporation Online Store KIT 3.0_Lite Ecommerce Corporation Online Store KIT 3.0_Pro Ecommerce Corporation Online Store KIT 3.0_Standard	3

Exploit-Db

description	Ecommerce Corporation Online Store Kit 3.0 More.PHP XSS. CVE-2004-0301. Webapps exploit for php platform
id	EDB-ID:23712
last seen	2016-02-02
modified	2003-02-17
published	2003-02-17
reporter	David Sopas Ferreira
source	https://www.exploit-db.com/download/23712/
title	Ecommerce Corporation Online Store Kit 3.0 More.PHP XSS

Nessus

NASL family	CGI abuses
NASL id	ECOMMERCE_CORP_SQL_INJECTION.NASL
description	The remote host is running Ecommerce Corporation Online Store Kit, a web-based e-commerce CGI suite. There is a SQL injection vulnerability in the
last seen	2020-06-01
modified	2020-06-02
plugin id	12062
published	2004-02-17
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12062
title	Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(12062); script_version("1.22"); script_cve_id("CVE-2004-0300", "CVE-2004-0301"); script_bugtraq_id(9676, 9687); script_name(english:"Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities"); script_summary(english:"More.php MoSQL Injection"); script_set_attribute( attribute:"synopsis", value: "A web application running on the remote host has a SQL injection vulnerability." ); script_set_attribute( attribute:"description", value: "The remote host is running Ecommerce Corporation Online Store Kit, a web-based e-commerce CGI suite. There is a SQL injection vulnerability in the 'id' parameter of 'more.php'. This could allow a remote attacker to execute arbitrary SQL commands, which could be used to take control of the database. Additional vulnerabilities have been reported in various scripts, though Nessus has not tested for them." ); script_set_attribute( attribute:"solution", value:"Upgrade to the latest version of this software." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/17"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/17"); script_cvs_date("Date: 2018/06/13 18:56:26"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencie("find_service1.nasl", "http_version.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_php(port:port))exit(0); function check_dir(path) { local_var req, res; req = string(path, "/more.php?id=1'"); res = http_send_recv3(method:"GET", item:req, port:port); if (isnull(res)) exit(0); if ( "SELECT catid FROM catlink WHERE prodid=1" >< res[2] ) { security_hole(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE); exit(0); } } foreach dir (cgi_dirs()) { check_dir(path:dir); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References