Shopweezle 2.0 multiple vuln.
###############################################
Vuln. discovered by: r0t
Date: 9 April 2006
Vendor: http://shopweezle.de/
Affected versions:
ShopWeezle PERSONAL
ShopWeezle PROFESSIONAL
ShopWeezle PROFESSIONAL+
###############################################
Vuln. description:
1. SQL injection vuln.
Shopweezle contains flaws that allow remote SQL injection attacks. Input passed to the "itemID", "brandID" and "album" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Examples:
/login.php?caller=xlink&url=detail.php&itemID=1[SQL]
/index.php?x=0&itemgr=1[SQL]
/index.php?caller=xlink&url=brand.php&brandID=1[SQL]
/memo.php?itemID=1[SQL]
/index.php?x=0&caller=xlink&url=gallery.php&album=1[SQL]
2. Full Path Disclosure
An attacker can obtain the full installation path while testing the SQL injection vulnerabilities.
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
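One way to apply the solution above, as an added example that is not Shopweezle's code: validate the ID parameter as an integer, bind it in a prepared statement, and keep SQL errors and file paths out of the response. The `items` table, the function names and the response strings are assumptions; PDO with in-memory SQLite is used so the example runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not Shopweezle code: schema and function names are assumptions.

// Log errors server-side; never echo SQL text or file paths to the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Return an ID parameter (itemID, brandID, album, itemgr) as int, or null if invalid. */
function idParam(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    $id = is_string($raw) ? filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) : false;
    return $id === false ? null : $id;
}

/** Item lookup with a bound parameter; the value never becomes part of the SQL text. */
function findItem(PDO $db, int $itemId): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $itemId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Request handler: generic responses only, details go to the error log. */
function handleDetail(PDO $db, array $query): string
{
    $itemId = idParam($query, 'itemID');
    if ($itemId === null) {
        return '400 Bad Request';
    }
    try {
        $row = findItem($db, $itemId);
    } catch (PDOException $e) {
        error_log('item lookup failed: ' . $e->getMessage());
        return '500 Internal Server Error';
    }
    return $row === null ? '404 Not Found' : '200 OK: ' . $row['name'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO items VALUES (1, 'Sample item')");
foreach (['1', '2', "1'", '1abc'] as $raw) {
    printf("%-8s => %s\n", var_export($raw, true), handleDetail($db, ['itemID' => $raw]));
}
```

Values that are not plain positive integers are rejected before any query runs, so they never reach the database and cannot trigger an error page that reveals the install path.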
###############################################
More information @ unsecured-systems.com/forum/

1 Comments:
Problems described under (1) and (2) are solved with version 2.0.16, released on 28th May 2006.
- inputs checked
- error messages with SQL commands and full path information disabled
Greetings,
Andreas Kansok.
2:15 AM