by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

digiSHOP 3.x SQL injection vuln.

digiSHOP 3.x SQL injection vuln.


Vuln. dicovered by : r0t
Date 23 nov. 2005
Vendor:http://digishop.sumeffect.com/
affected version:tested on digiSHOP 3.1.17 , vuln. also can be all 3.x and prior versions.
Vuln. Description:
1.
Input passed to the "product_list&c" parameter in "cart.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/cart.php?m=product_list&c=[SQL]

2.
Also digiSHOP Search engine contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search feature not properly sanitizing user-supplied input.
This may allow an attacker to inject or manipulate SQL queries in the backend database.Additionally, if a failed query is performed, the program will disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.


Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous Anonymous told...

this was fixed May 15, 2005
-Sum Effect Support Team

10:14 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew