by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

Widget Imprint SQL inj. vuln.

Widget Imprint SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 5 dec. 2005
Vendor:http://www.widgetpress.com/products?product=wimprint
affected version: 1.0.26 and prior

Product Description:
Database driven web software designed for the heat-transfer imprint, impact print shop to sell promotional items online. (similar to CafePress.com, but you can add any imprintable product you like) Have your customers create their own products, such as T-shirts, mugs, mousepads, boxers, aprons, coasters and so on, with real-time preview. Complete print web service package, Product management, Add product samples, Order tracking, Add company logo, CMS, Real-time customer photo upload, Shopping cart, Online commerce, and Multi-language suppor


Vuln. description:
Input passed to the "product_id" parameter in "create.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/create.php?action=create&product_id=[SQL]


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew