SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.
Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative level access to the underlying database.The issues exist due to improper implementation of the RSA cryptosystem by SpiderSales and failure to sanitize user-supplied input via the 'userId' URI parameter employed by various scripts.SpiderSales version 2.0 is assumed to be vulnerable to these issues, however, other versions could be affected as well.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com <mailto:firstname.lastname@example.org>.
The following proof of concept has been provided:http://www.example.com/Carts/Computers/viewCart.asp?userID=2893225125722634';exec%20master..xp_cmdshell%20'dir%20c:%20>%20c:\inetpub\wwwroot\dirc.txt'--&viewID=48
|2004-11-23||CVE-2004-0350||SpiderSales Shopping Cart Multiple Vulnerabilities||Low|
|2004-11-23||CVE-2004-0351||SpiderSales Shopping Cart Multiple Vulnerabilities||Low|