by r0t,der4444,cembo,VietMafia

Friday, November 25, 2005

CS-Cart SQL inj. vuln.

CS-Cart SQL inj. vuln.

Vuln. dicovered by : r0t
Date: 25 nov. 2005
affected version: Latest.

Product description:
CS-Cart is a turnkey solution that includes all of the necessary features and functions to successfully build an online product store/catalog. It is ready to use "out of the box". With its easy to use functionality you can immediately start to build and operate an ecommerce website of any complexity: from a simple offline product catalog to fully-featured interactive online store. Optimized programming code makes it possible to build catalogs that can easily handle over 10,000 product and informational pages. And integrated HTML catalog tool allows generating a search-engine friendly version of your website.

Vuln. Description:

Input passed to the "sort_by" and "sort_order" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



Edit the source code to ensure that input is properly sanitised.


Anonymous Anonymous told...

Actually, CS-Cart filters and sanitizes all data came into script from user.
Thus there is no any possibility to apply any kind of SQL injection with CS-Cart.
The bug described in this article is just a bug but not vulnerability as it causes script execution error and can't be used to affect any data anyhow.

Anyway, this is already fixed in the latest CS-Cart version.

9:49 AM

Anonymous r0t told...

No SQL injection was real... its good to hear that you fix in new version...

7:41 PM

Anonymous Anonymous told...

CS-Cart shopping cart with a fix you can download now All bugs are fixed

7:21 AM


Post a Comment

<< Home

Copyright (c) 2006 Pridels Sec Crew