This host is running Cart Engine and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, conduct open-redirect attacks and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.c97.net/

Multiple errors exists due to, - Insufficient validation of the input parameters 'item_id[0]' and 'item_id[]' passed to cart.php page. - Insufficient sanitization of multiple pages output which includes the user submitted content. - Insufficient validation of the user-supplied input in index.php, cart.php, msg.php and page.php scripts.

Cart Engine version 3.0. Other versions may also be affected.

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://1337day.com/exploit/22690
• http://packetstormsecurity.com/files/128276
• http://www.exploit-db.com/exploits/34764/

---

Updated on 2015-03-25