by r0t,der4444,cembo,VietMafia

Friday, December 16, 2005

iHTML Merchant Version 2 Pro sql inj.

iHTML Merchant Version 2 Pro sql inj.

Vuln. discovered by : r0t
Date: 16 dec. 2005
vendor:http://www.ihtmlmerchant.com/features_2_pro.htm
affected version:2 and prior

Product Description:

The iHTML Merchant Pro builds on the success of the first version. Basically we took all the feedback from users and built it into the product. It is an affordable, fully customizable system for creating web storefronts and much more advanced that the first version. Ideal for small and medium sized businesses, it is both powerful and easy to use. ISPs will appreciate the browser-based administration which allows customers to handle their own configuration and changes. Featuring complete banner ad management, several different payment processing options, professional templates and the ability to handle complex shipping and tax calculations, this system is one of the fastest and easiest ways to get high-end stores online.

Vuln. Description:

Merchant Version 2 Pro contains a flaw that allows a remote sql injection attacks.Input passed to the "id" "pid" "step" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code


example:
/merchant.ihtml?id=56&step=[SQL]
/merchant.ihtml?id=[SQL]
/merchant.ihtml?pid=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew