ProductCart E-Commerce Solutions Homepage
Forum Home Forum Home > ProductCart > Getting Started
  New Posts New Posts RSS Feed - Security Questions on v4.7
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Security Questions on v4.7

 Post Reply Post Reply
Author
Message
Scurit View Drop Down
Newbie
Newbie


Joined: 29-April-2014
Location: Sarasota, FL
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote Scurit Quote  Post ReplyReply Direct Link To This Post Topic: Security Questions on v4.7
    Posted: 29-April-2014 at 8:57pm
I was recently contacted by a client that uses your system and has another party that regularly does Nessus vulnerability scans on their network/systems. This week then sent me some information and I verified that it was indeed valid -on their site. I was unable to reproduce the same result on your demo site which raises a few questions Dead. They said they are running a fully patched system and it is the latest version, but without access to their actual system I can not verify that for a fact yet. I'm hoping to get access to their system here shortly as well as the server it resides on.

The first issue that was detected was a SQL Injection/information disclosure vulnerability in the opc_OrderVerify.asp, and when I followed the steps in the report, I was indeed able to reproduce and get the results in the report. it dumped out a debug of the following (not posting the "how", just the results):

 SELECT payTypes.paymentDesc, customCardTypes.idcustomCardType FROM payTypes INNER JOIN customCardTypes ON payTypes.paymentDesc = customCardTypes.customCardDesc WHERE (((payTypes.idPayment)=123 or));

The second item was a XSS vulnerability in  the same file as well as the msgb.asp file (I won't post the details here either - you can msg me for that). 

I'm not an expert on ProductCart by any means - just security with a background in classic asp. What I would like to know is, is it possible there is a debug feature that needs to be turned off somewhere in one of the asp files (which I didn't see in the demo admin screens) and how could their site have a XSS vulnerability and the demo site not show the same behavior if they are running the same version? Server script/security settings possibly? Can you tell me anything else that might affect their system and make it act differently than your demo? Thanks in advance! 
Back to Top
Matt View Drop Down
Moderator Group
Moderator Group


Joined: 20-July-2006
Location: United States
Status: Offline
Points: 73
Post Options Post Options   Thanks (0) Thanks(0)   Quote Matt Quote  Post ReplyReply Direct Link To This Post Posted: 29-April-2014 at 9:56pm
Yes, that is exactly correct.  There is a debug variable that is probably commented out.

Can you open a ticket to continue this conversation since it may involve sensitive information?
Back to Top
Scurit View Drop Down
Newbie
Newbie


Joined: 29-April-2014
Location: Sarasota, FL
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote Scurit Quote  Post ReplyReply Direct Link To This Post Posted: 29-April-2014 at 10:16pm
I don't have their license number at this time, can I still create a ticket?
Back to Top
Greg Dinger View Drop Down
Certified ProductCart Developers
Certified ProductCart Developers
Avatar

Joined: 23-September-2006
Location: United States
Status: Offline
Points: 238
Post Options Post Options   Thanks (0) Thanks(0)   Quote Greg Dinger Quote  Post ReplyReply Direct Link To This Post Posted: 30-April-2014 at 2:16pm
I would recommend writing to them at info AT productcart.com
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.045 seconds.