by r0t,der4444,cembo,VietMafia

Sunday, April 09, 2006

APT-webshop-system vuln.

APT-webshop-system vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 april 2006
vendor:http://www.apt-webservice.de/shopsoftware/
affected versions:
4.0 PRO
3.0 BASIC
3.0 LIGHT
###############################################


Vuln. description:


1. SQL injection vuln.

APT-webshop-system contains a flaws that allows a remote sql injection attacks.Input passed to the "group","seite","id" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:


/modules.php?warp=artikel&group=[SQL]
/modules.php?warp=artikel&group=&seite=[SQL]
/modules.php?warp=artikel&group=&seite=&id=[SQL]

2. Full Path Disclosure

An attacker can get full install path by testing SQL attack vuln.



+

Bonnus:


/modules.php?warp=File

&

/modules.php?warp=basket&message=%3Cli%3E%3Ca%
20href=http://r0t.in/%3EUNSECURED%20SYSTEMS%3
C/a%3E%3C/li%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew