J-Security Center

Title: SpiderSales Shopping Cart Multiple Vulnerabilities

Severity: HIGH

Description:

SpiderSales shopping cart is a web based e-commerce shopping cart solution that is designed for Microsoft Windows operating systems. SpiderSales is written in ASP and can use Microsoft SQL Server, Microsoft Access, and MySQL as a database.

Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative-level access to the underlying database.

The following specific issues have been identified:

It has been reported that SpiderSales employs the RSA cryptosystem, a public key cryptosystem offering encryption and digital signatures for authentication. The security of RSA relies on two large prime numbers p and q, which are multiplied to derive the modulus n; because of how the algorithm works, the private key can be obtained by anyone able to factor n into p and q. The issue arises from SpiderSales' improper implementation of RSA. Reportedly, the application limits the length of n to a maximum of 20 bits but specifies no minimum length of the modulus. As a result, the private key may be compromised because of this implementation weakness. Furthermore, it has been reported that both the public and private keys are stored in the same database table, which increases the chance of the private key being disclosed should an attacker gain unauthorized access to the database.
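To make the size problem concrete, the following added example (not SpiderSales code; the primes, exponent and minimum-size threshold are constructed for illustration) builds an RSA key whose modulus is exactly 20 bits, shows that trial division recovers the private exponent in about a thousand steps, and includes the minimum-modulus-size check the advisory says the application lacks.

```python
"""Constructed illustration: a 20-bit RSA modulus offers no protection."""
from math import isqrt


def make_rsa_key(p, q, e=65537):
    """Build an RSA key from two primes; (n, e) is public, d is private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); requires gcd(e, phi) == 1
    return n, e, d


def factor_by_trial_division(n):
    """Recover p and q of a small modulus; at most sqrt(n) ~ 2**10 steps for a 20-bit n."""
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no factor found")


def recover_private_exponent(n, e):
    """Derive d from the public key alone; feasible only because n is tiny."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


def modulus_is_acceptable(n, min_bits=2048):
    """The missing check: reject any modulus below a minimum size (2048 is an assumed threshold)."""
    return n.bit_length() >= min_bits


# Constructed 20-bit key: 1009 * 1013 = 1022117, which lies between 2**19 and 2**20.
N, E, D = make_rsa_key(1009, 1013)


def demo():
    """Return (modulus bits, whether recovery matched the real d, whether the check rejects n)."""
    recovered = recover_private_exponent(N, E)
    return N.bit_length(), recovered == D, not modulus_is_acceptable(N)


if __name__ == "__main__":
    print(demo())
```

The same trial-division loop is hopeless against a 2048-bit modulus, which is exactly why enforcing a minimum size matters more than capping the maximum.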

SpiderSales has also been reported prone to a SQL injection vulnerability that may allow an attacker to gain administrative-level access to the underlying database. The issue exists because the 'userId' URI parameter, used by various scripts, is insufficiently sanitized before being placed in database queries. A remote user can therefore inject arbitrary SQL into the queries the application runs, altering query logic or enabling other attacks. It has been reported that a successful attack of this nature could allow an attacker to disclose all information in the database and possibly execute arbitrary commands.
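The following added example is not SpiderSales code (the application is written in ASP; Python with an in-memory SQLite table stands in for it here, and the table, rows and column names are constructed). It shows the concatenated-query pattern the advisory describes beside two fixes: binding 'userId' as a query parameter, and rejecting any 'userId' value that is not a plain integer before it reaches the database.

```python
"""Constructed illustration of an unsanitized 'userId' parameter and its fixes."""
import sqlite3


def build_db():
    """Constructed users table; in the real application this would be the shop's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userId INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "customer"), (2, "bob", "customer"), (3, "carol", "admin")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """String concatenation: whatever is in user_id becomes part of the query logic."""
    sql = "SELECT name, role FROM users WHERE userId = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    """Bound parameter: the input is only ever compared as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE userId = ?", (user_id,)
    ).fetchall()


def lookup_validated(conn, user_id):
    """Allowlist on top of binding: a userId must be a non-negative integer, nothing else."""
    if not user_id.isdigit():
        raise ValueError("userId must be numeric")
    return lookup_parameterized(conn, int(user_id))


def demo():
    """Return row counts for a normal and a hostile userId under each lookup."""
    conn = build_db()
    normal, hostile = "2", "2 OR 1=1"
    counts = {
        "vulnerable": (len(lookup_vulnerable(conn, normal)), len(lookup_vulnerable(conn, hostile))),
        "parameterized": (len(lookup_parameterized(conn, 2)), len(lookup_parameterized(conn, hostile))),
    }
    try:
        lookup_validated(conn, hostile)
        counts["validated_rejected"] = False
    except ValueError:
        counts["validated_rejected"] = True
    return counts


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns every row, including the admin account, for the hostile value, which is the "disclose all information" outcome the advisory describes; the parameterized version returns nothing because the whole string is compared as a single value, and the validated version never issues the query at all. Logging rejected values is a cheap detection signal for probing against the parameter.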

SpiderSales version 2.0 is assumed to be vulnerable to these issues; other versions could be affected as well.

Affected Products:

  • SpiderSales SpiderSales 2.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.