by r0t,der4444,cembo,VietMafia

Thursday, December 15, 2005

PlexCart X3 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 15 Dec. 2005
Vendor: www.plexum.com/ecommerce/shopping_cart/
Affected version: 3.0 and prior

Product Description:
Your complete eCommerce and shopping cart solution for online web stores of all sizes. PLEXCART X3 makes the management of your online store easier – so you have more time to devote to building your business – instead of spending all of your time running it!

Vuln. Description:

PlexCart X3 contains a flaw that allows remote SQL injection attacks. Input passed to all parameters in the product search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.
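
The kind of source-code change this solution refers to, shown as an added example that is not PlexCart code and not part of the original advisory: a product search where the term is bound as a query parameter instead of being concatenated into the SQL text, with LIKE wildcards in the term escaped. Python, sqlite3, the table layout and all function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample catalogue; not PlexCart's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO products (name) VALUES (?)",
        [("O'Reilly mug",), ("100% cotton shirt",), ("Plain shirt",)],
    )
    return db


def search_unsafe(db, term):
    # The flawed pattern: the search term becomes part of the SQL text,
    # so a quote character in the term changes the structure of the query.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def escape_like(term, esc="\\"):
    # Make LIKE metacharacters literal so the term cannot widen the match.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_safe(db, term):
    # The query text is constant; the term travels separately as bound data.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "O'Reilly"))   # the apostrophe is treated as data
    print(search_safe(db, "%"))          # matches only names containing '%'
    try:
        search_unsafe(db, "O'Reilly")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
```

A legitimate search term with an apostrophe is enough to break the concatenated query, which makes it a useful regression test for every search parameter after the fix.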

4 Comments:

Anonymous Anonymous told...

why can you never leave a real example of an sql injection? cut and paste xss is eazy, takes no skillz. sql injection you can only put a ` and say it's injection from error. lame

8:25 AM

 
Anonymous r0t told...

lame is that you kiddies always need real examples.
copy/paste XSS, I do it with XSS cause not always is the same method as by SQL inj.
To learn is also easy, so if you will learn something you will not need "real" examples.

5:29 PM

 
Anonymous anti-anonymous said... told...

I need someone to hold my hand and explain to me how this works... Please show me EXACTLY what to do so i can Haxzorz their computerz. I want to be 133t. Please??!?!

5:43 PM

 
Blogger r0t told...

l33t?
is it fame from you?
nobody will learn you how to, cauz you will find all how-tos on net.
try to start with google.com

9:58 PM

 


 
Copyright (c) 2006 Pridels Sec Crew