Security Questions on v4.7

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Getting Started
Forum Description: Installing, activating, and getting started with ProductCart
URL: https://forum.productcart.com/forum_posts.asp?TID=5881
Printed Date: 21-November-2024 at 11:44am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com


Topic: Security Questions on v4.7
Posted By: Scurit
Subject: Security Questions on v4.7
Date Posted: 29-April-2014 at 8:57pm
I was recently contacted by a client that uses your system and has another party that regularly does Nessus vulnerability scans on their network/systems. This week they sent me some information and I verified that it was indeed valid on their site. I was unable to reproduce the same result on your demo site, which raises a few questions. They said they are running a fully patched system and it is the latest version, but without access to their actual system I cannot verify that for a fact yet. I'm hoping to get access to their system here shortly as well as the server it resides on.

The first issue that was detected was a SQL Injection/information disclosure vulnerability in the opc_OrderVerify.asp, and when I followed the steps in the report, I was indeed able to reproduce and get the results in the report. It dumped out a debug of the following (not posting the "how", just the results):

 SELECT payTypes.paymentDesc, customCardTypes.idcustomCardType FROM payTypes INNER JOIN customCardTypes ON payTypes.paymentDesc = customCardTypes.customCardDesc WHERE (((payTypes.idPayment)=123 or));

The second item was an XSS vulnerability in the same file as well as the msgb.asp file (I won't post the details here either - you can msg me for that).

I'm not an expert on ProductCart by any means - just security with a background in classic ASP. What I would like to know is, is it possible there is a debug feature that needs to be turned off somewhere in one of the ASP files (which I didn't see in the demo admin screens), and how could their site have an XSS vulnerability and the demo site not show the same behavior if they are running the same version? Server script/security settings possibly? Can you tell me anything else that might affect their system and make it act differently than your demo? Thanks in advance!



Replies:
Posted By: Matt
Date Posted: 29-April-2014 at 9:56pm
Yes, that is exactly correct.  There is a debug variable that is probably commented out.

Can you open a ticket to continue this conversation since it may involve sensitive information?


Posted By: Scurit
Date Posted: 29-April-2014 at 10:16pm
I don't have their license number at this time, can I still create a ticket?


Posted By: Greg Dinger
Date Posted: 30-April-2014 at 2:16pm
I would recommend writing to them at info AT productcart.com

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t - Add-Ons & Custom Code


