by r0t, der4444, cembo, VietMafia

Monday, December 05, 2005

eCommerce Enterprise Edition SQL inj. vuln.

Web4Future eCommerce Enterprise Edition v2.1 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Vendor: http://www.web4future.com/products.php?p=ecomm
Affected versions: v2.1 and prior; the eCommerce HOME edition has the same vuln.

Product Description:
A fully template-driven system that you can use to sell any kind of product: computers, household items, downloadable goods, services, groceries, cars or real estate.


Vuln. Description:

Input passed to the "prod" and "brid" parameters in "view.php", the "bid" parameter in "viewbrands.php", and the "grp" and "cat" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


examples:
/view.php?prod=[SQL]
/viewbrands.php?bid=[SQL]
/view.php?prod=1010001&brid=[SQL]
/index.php?action=ViewGroups&grp=[SQL]
/index.php?action=ViewCategories&cat=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised before it reaches any SQL query.
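As an added illustration of the fix (this is not Web4Future's code; the product's real view.php source is not reproduced here), the block below shows the assumed shape of the flawed pattern next to a hardened version that validates the numeric ids and binds them as PDO parameters. The table name `products`, its columns, the function names and the connection details are all assumptions.

```php
<?php
// Added example, NOT the vendor's code. Assumptions: a MySQL table `products`
// with integer columns `id` and `brand_id`, reached through PDO.

// VULNERABLE (assumed shape of the bug): the request parameter is concatenated
// straight into the statement, so whatever arrives in ?prod= becomes SQL text.
function getProductUnsafe(PDO $db, array $get): ?array {
    $prod = $get['prod'] ?? '';
    $sql  = "SELECT * FROM products WHERE id = " . $prod;   // tainted concatenation
    $stmt = $db->query($sql);
    return $stmt ? ($stmt->fetch(PDO::FETCH_ASSOC) ?: null) : null;
}

// FIXED: product and brand ids are numeric, so reject anything that is not a
// positive integer, then bind the value so the database never parses it as SQL.
function getProductSafe(PDO $db, array $get): ?array {
    $intOpts = ['options' => ['min_range' => 1]];
    $prod = filter_var($get['prod'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    if ($prod === false) {
        http_response_code(400);               // bad request, nothing hits the DB
        return null;
    }
    $sql  = 'SELECT * FROM products WHERE id = :id';
    $brid = null;
    if (isset($get['brid'])) {                 // optional brand filter (&brid=)
        $brid = filter_var($get['brid'], FILTER_VALIDATE_INT, $intOpts);
        if ($brid === false) {
            http_response_code(400);
            return null;
        }
        $sql .= ' AND brand_id = :brid';
    }
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $prod, PDO::PARAM_INT);
    if ($brid !== null) {
        $stmt->bindValue(':brid', $brid, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// The same validate-then-bind pattern applies to bid in viewbrands.php and to
// grp / cat in index.php. Connection values below are placeholders.
$db = new PDO('mysql:host=localhost;dbname=shop', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,       // real server-side prepared statements
]);
$product = getProductSafe($db, $_GET);
```

Disabling emulated prepares matters: with emulation on, PDO interpolates the values client-side, and the type check is the only thing keeping them honest.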

Copyright (c) 2006 Pridels Sec Crew