CVE-2005-4003
ASPS Shopping Cart Professional <= 2.9d and Lite <= 2.1 - SQL Injection via srch_product_name or b_search Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2005-4003. PoCs published by r0t3d3Vil.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ASPS Shopping Cart by injecting a script tag into the 'b_search' parameter. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.
Description
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ASPS Shopping Cart by injecting a script tag into the 'b_search' parameter. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ASPS Shopping Cart by injecting a script tag into the search parameters. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.