by r0t, der4444, cembo, VietMafia

Monday, January 02, 2006

Primo Cart SQL inj.

Vuln. discovered by: r0t
Date: 2 Jan. 2006
Vendor: www.primoplace.com/primo-cart.htm
Affected version: 1.0 and prior


Product Description:

Primo Cart is a fully customizable turnkey shopping cart solution that enables any novice to advanced level merchant to execute and manage their very own storefront fast and easy. The administration area interface is designed with CSS for a clean look/feel and new AJAX technology for fast product management made easy. Coupled with the robust Smarty template engine, changes to the look/feel can be performed directly via FTP. Backed by MySQL and optimized for fast product querying. Supports Authorize.net and dynamic shipping cost lookup via UPS Online Tools, unlimited products, unlimited category nesting, unlimited custom fields, options/variances, product images, product rating/reviews, and unique category meta tags. The advanced product import tool takes in a CSV file for mass imports. Primo Cart offers free updates and community support to keep your cart tuned and in shape.


Vuln. Description:

Primo Cart contains a flaw that allows remote SQL injection attacks. Input passed to the "q" parameter in "search.php" and to the "email" parameter in "user.php" isn't properly sanitised before being used in a SQL query. A remote, unauthenticated attacker can exploit this to manipulate the queries by injecting arbitrary SQL code; since user.php is the password-recovery path and search.php is reachable by any visitor, no account is required.

PoC:

/user.php?email=[SQL]&action=send-password-now
/search.php?action=search&q=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised before it reaches the database: pass the "q" and "email" values as bound parameters of a prepared statement, or at minimum escape them with mysql_real_escape_string() (Primo Cart uses MySQL), rather than concatenating them into the SQL string. Validating that "email" looks like an e-mail address before the query is a useful extra check but not a substitute for parameterisation.
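The following is an added example, not Primo Cart's own code, written to show the flaw described above and the fix recommended in the solution side by side. It uses Python's built-in sqlite3 so it runs offline; the table and column names (users.email, products.name) and the sample rows are constructed assumptions, not Primo Cart's real schema. The vulnerable functions mirror the "email" lookup behind send-password-now and the "q" LIKE search, concatenating the parameter into the SQL text; the fixed ones bind it as a parameter instead.

```python
import sqlite3

# Constructed sample data. The schema is an assumption for illustration only
# and is not Primo Cart's real database layout.
SAMPLE_USERS = [
    (1, "alice@example.com", "alice-pass"),
    (2, "bob@example.com", "bob-pass"),
]
SAMPLE_PRODUCTS = [
    (1, "Red Widget"),
    (2, "Blue Gadget"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, password TEXT)")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO products VALUES (?, ?)", SAMPLE_PRODUCTS)
    return conn


def send_password_vulnerable(conn, email):
    """Flawed pattern: the 'email' value is pasted straight into the SQL text,
    so a quote in the parameter ends the literal and the rest becomes SQL."""
    sql = "SELECT id, email, password FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def send_password_fixed(conn, email):
    """Hardened form: the value is bound as a parameter and can never be
    interpreted as SQL, whatever characters it contains."""
    sql = "SELECT id, email, password FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def search_vulnerable(conn, q):
    """Same flaw for the product search: 'q' is concatenated into a LIKE pattern."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + q + "%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn, q):
    """Hardened search: the wildcards are added in code and the whole pattern is
    bound, so quotes in 'q' are matched literally instead of parsed."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + q + "%",)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Constructed payload: closes the quoted literal and appends an always-true clause.
    email_payload = "nobody@example.com' OR '1'='1"
    print("vulnerable send-password:", send_password_vulnerable(conn, email_payload))
    print("fixed send-password:     ", send_password_fixed(conn, email_payload))
    # Constructed payload for the LIKE search; the trailing "'1" pairs with the
    # query's own closing "%'" to form the always-true comparison '1%'='1%'.
    search_payload = "zzz%' OR '1%'='1"
    print("vulnerable search:", search_vulnerable(conn, search_payload))
    print("fixed search:     ", search_fixed(conn, search_payload))
```

With the concatenating functions, a single crafted parameter returns every user row (including stored passwords) and every product; with the bound-parameter versions, the same input simply matches nothing. Swapping the sqlite3 placeholder for MySQLi or PDO prepared statements in PHP gives the same protection in the product's own stack.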

10 Comments:

Blogger Rammy told...

happy and prosperous new year

latest gadgets review

3:09 PM

 
Anonymous Anonymous told...

are you alive r0t?

3:42 PM

 
Anonymous Anonymous told...

Actually I have the same question to ask...

cembo

11:18 PM

 
Anonymous friend told...

r0t will never die in your minds.

2:47 AM

 
Anonymous Anonymous told...

r0t won't die in my mind. But I am concerned for him. No contact with him since his last post here on the blog. Maybe bad things have happened...

5:25 AM

 
Anonymous s.u.n. told...

I see you all didn't read what he wrote a week before the new year. They have a new underground site, which he and his team mates put on the web on the 1st of January! And as I understood it, the site will stay underground and this site belongs to history ;)! Happy new year! Happy New Year to you too, r0t, in case you still drop by here!

2:48 PM

 
Anonymous Anonymous told...

The underground site for his 'teammates' is empty. No action there. I'm admin on it. He hasn't been on ICQ either.

So I think something bad may have happened. If you have worked with him on some things, you may want to clean up your drives...

7:04 PM

 
Anonymous Anonymous told...

Actually I don't think that something bad has happened, probably just on a trip somewhere, although he hasn't been online recently... Well anyway, let's hope he returns soon.

cembo

10:34 PM

 
Anonymous friend told...

r0t has tested many systems and in the last days his tests were too far away from legal tests.
Guys who know him will know that he also had problems before with some governments/laws.
He was everywhere and nowhere.
The last time I got him on ICQ, he told me that if somebody asks about him, the blog, the forum, etc., I should inform cembo, der4444 and the others not to stop and to carry on without him.
When he has the chance to be in #net he will tell everything himself, but if it was the last time for him, cembo or der4444 or any other guy who knew r0t "well" will write a story about him.
I hope he will be back, and soon.

Just friend.

3:59 AM

 
Anonymous Anonymous told...

errf

9:21 PM

 

Copyright (c) 2006 Pridels Sec Crew