J-Security Center

Title: EarlyImpact ProductCart Multiple Vulnerabilities

Severity: HIGH

Description:

EarlyImpact ProductCart is e-commerce software that is implemented in ASP and available for Microsoft Windows systems.

EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software.

The following specific issues were reported:

A cryptographic weakness in the user credential encryption routines was reported. In particular, the keystream used for the stream cipher is prone to a chosen plaintext attack. Credentials are encrypted and decrypted by a bitwise XOR of the keystream with the plaintext or the ciphertext, respectively. If the keystream can be determined, it is trivial to decrypt the credentials of customers and administrators of the software. The attacker would need prior access to the encrypted data, but this may be accomplished through exploitation of the SQL injection vulnerability described below.

An SQL injection vulnerability has been reported in the advSearch_h.asp script. Data supplied via URI parameters to this script is used directly in SQL queries without adequate input validation. This could allow for various attacks, such as disclosing encrypted user credentials (which could then be decrypted via the previously mentioned cryptographic weakness). Other attacks are also possible.

A cross-site scripting issue was reported in the Custva.asp script. Input supplied to the 'redirectUrl' URI parameter is included in dynamically generated pages without adequate sanitization of HTML and script code. An attacker could exploit this issue by embedding hostile HTML and script code via this parameter in a malicious link. If an unsuspecting user follows this link, the attacker-supplied code may be rendered in the web browser in the security context of the site. This could be exploited to steal cookie-based authentication credentials or to mount other attacks.
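
The credential-encryption weakness described above, as an added illustration that is not ProductCart's code or part of the original advisory: it shows why XOR with a reused keystream gives stored credentials no confidentiality, next to salted one-way hashing as the replacement. The keystream, passwords and function names are constructed for the example, and PBKDF2 is an assumed choice of hardened scheme.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed keystream standing in for the application's fixed secret; the
# advisory does not give the real keystream or routine.
KEYSTREAM = bytes.fromhex("5a13c7e1094bd2667f30a8")

def xor_crypt(data: bytes, keystream: bytes = KEYSTREAM) -> bytes:
    """Weak scheme from the advisory: the same XOR both encrypts and decrypts."""
    if len(data) > len(keystream):
        raise ValueError("data longer than keystream")
    return bytes(d ^ k for d, k in zip(data, keystream))

def keystream_from_pair(plaintext: bytes, ciphertext: bytes) -> bytes:
    """P XOR C = K: one known plaintext/ciphertext pair exposes the keystream."""
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))

def hash_password(password: str, salt: Optional[bytes] = None, rounds: int = 200_000):
    """Hardened storage: per-user salt and a one-way KDF, nothing to decrypt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify_password(password: str, salt: bytes, rounds: int, digest: bytes) -> bool:
    """Recompute the KDF and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo() -> dict:
    # Constructed sample values throughout.
    known_plain = b"AAAAAAAAAAA"             # a password whose plaintext is known
    known_cipher = xor_crypt(known_plain)    # the value stored for that password
    other_cipher = xor_crypt(b"s3cr3t-adm")  # another account's stored value
    exposed = keystream_from_pair(known_plain, known_cipher)
    salt, rounds, digest = hash_password("s3cr3t-adm")
    return {
        "keystream_exposed": exposed == KEYSTREAM,
        "other_decrypted": xor_crypt(other_cipher, exposed),
        "hash_verifies": verify_password("s3cr3t-adm", salt, rounds, digest),
        "hash_rejects_wrong": not verify_password("guess", salt, rounds, digest),
        "hash_is_salted": hash_password("s3cr3t-adm")[2] != digest,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
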

Affected Products:

  • EarlyImpact ProductCart 1.5.0
  • EarlyImpact ProductCart 1.5002.0
  • EarlyImpact ProductCart 1.5003.0
  • EarlyImpact ProductCart 1.5003.0r
  • EarlyImpact ProductCart 1.5004.0
  • EarlyImpact ProductCart 1.6.0b
  • EarlyImpact ProductCart 1.6.0b001
  • EarlyImpact ProductCart 1.6.0b002
  • EarlyImpact ProductCart 1.6.0b003
  • EarlyImpact ProductCart 1.6.0br
  • EarlyImpact ProductCart 1.6.0br001
  • EarlyImpact ProductCart 1.6.0br003
  • EarlyImpact ProductCart 1.6002.0
  • EarlyImpact ProductCart 1.6003.0
  • EarlyImpact ProductCart 2.0.0
  • EarlyImpact ProductCart 2.0.0br000
  • EarlyImpact ProductCart 2.5.0

References: