by r0t,der4444,cembo,VietMafia

Tuesday, April 25, 2006

QuickEStore 7.9 vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 April 2006
Vendor link: www.quickestore.com
Affected versions: 7.9 and previous
###############################################


Vuln. Description:


1. SQL Injection vuln.

QuickEStore contains a flaw that allows remote SQL injection attacks. Input passed to the "OrderID" parameter in "shipping.cfm" and "checkout.cfm", the "ItemID" parameter in "proddetail.cfm", the "SubCatID" parameter in "index.cfm", the "CategoryID" parameter in "prodpage.cfm" and the "ProdID" parameter in "Details.cfm" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
/index.cfm?CFID=1&CFTOKEN=1&SubCatID=[SQL]
/proddetail.cfm?CFID=1&CFTOKEN=1&ItemID=[SQL]
/checkout.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
/shipping.cfm?CFID=&CFTOKEN=&OrderID=[SQL]



2. Full Path Disclosure.

The problem is that it is possible to disclose the full path to the installation by supplying an invalid value for the parameters of those files which are affected by the SQL injection attacks (see vuln. 1).

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
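
One way to apply this fix to a page such as prodpage.cfm, as an added example that is not QuickEStore's own code. The table, columns, datasource variable and log file name are hypothetical, and it assumes CategoryID is an integer key and that the path disclosure comes from the default ColdFusion error page.

```cfm
<!--- Added example, not vendor code. Assumptions: CategoryID is an integer key;
      the Products table, its columns, application.dsn and the "store_errors"
      log name are hypothetical. --->

<!--- Unsafe pattern this replaces (assumed): the raw URL value interpolated
      into the SQL text, e.g. WHERE CategoryID = #url.CategoryID# --->

<!--- 1. Reject anything that is not an integer before touching the database. --->
<cfparam name="url.CategoryID" default="">
<cfif NOT isValid("integer", url.CategoryID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid request.</cfoutput>
    <cfabort>
</cfif>

<cftry>
    <!--- 2. Bind the value as a typed parameter so it is never parsed as SQL. --->
    <cfquery name="qProducts" datasource="#application.dsn#">
        SELECT ProdID, ProdName, Price
        FROM Products
        WHERE CategoryID = <cfqueryparam value="#url.CategoryID#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="any">
        <!--- 3. Log details server-side; return a generic message so the
              default error page cannot reveal the installation path. --->
        <cflog file="store_errors" type="error"
               text="prodpage.cfm: #cfcatch.message# #cfcatch.detail#">
        <cfheader statuscode="500" statustext="Internal Server Error">
        <cfoutput>An error occurred while processing your request.</cfoutput>
        <cfabort>
    </cfcatch>
</cftry>

<!--- 4. Encode database values on output. --->
<cfoutput query="qProducts">
    #htmlEditFormat(ProdName)# - #dollarFormat(Price)#<br>
</cfoutput>
```

The same pattern applies to the other parameters listed above (OrderID, ItemID, SubCatID, ProdID), each with the cfsqltype that matches its column.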
More information @ unsecured-systems.com/forum/

 
Copyright (c) 2006 Pridels Sec Crew