by r0t,der4444,cembo,VietMafia

Saturday, April 08, 2006

Shopweezle 2.0 multiple vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 April 2006
Vendor: http://shopweezle.de/
Affected versions:
ShopWeezle PERSONAL
ShopWeezle PROFESSIONAL
ShopWeezle PROFESSIONAL+
###############################################


Vuln. description:


1. SQL injection vuln.

Shopweezle contains flaws that allow remote SQL injection attacks. Input passed to the "itemID", "brandID" and "album" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:

/login.php?caller=xlink&url=detail.php&itemID=1[SQL]
/index.php?x=0&itemgr=1[SQL]
/index.php?caller=xlink&url=brand.php&brandID=1[SQL]
/memo.php?itemID=1[SQL]
/index.php?x=0&caller=xlink&url=gallery.php&album=1[SQL]

2. Full Path Disclosure

An attacker can obtain the full install path by probing the SQL injection flaws described above.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
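
One way to apply the fix named under Solution, as an added example (not Shopweezle's code, which is not shown on this page): a numeric parameter such as itemID is validated as an integer, bound as a query parameter, and database errors are logged instead of displayed, which covers both issues. The `items` table, its columns and the functions `parse_id` and `find_item` are hypothetical, and in-memory SQLite stands in for the shop database.

```php
<?php
declare(strict_types=1);
// Added example: not Shopweezle source. The items table, its columns and
// all function names are hypothetical; in-memory SQLite stands in for the shop DB.

// Issue 2: keep SQL text and file paths out of responses; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Accept only a plain positive decimal ID such as "1"; anything else is null. */
function parse_id($raw): ?int
{
    // Arrays (?itemID[]=1), '', signs, spaces and trailing text all fail here.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw > 0 ? (int) $raw : null;
}

/** Issue 1: the ID reaches the query only as a bound integer parameter. */
function find_item(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // caller answers with a generic "not found" page
    }
    try {
        $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('item lookup failed: ' . $e->getMessage()); // detail stays server-side
        return null;
    }
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (id, name) VALUES (1, 'sample item')");

// Constructed request values: one well-formed ID, the rest must yield no item.
foreach (['1', '2', '1abc', '-1', '', ['1']] as $raw) {
    $item = find_item($db, $raw);
    echo json_encode($raw), ' => ', $item ? $item['name'] : 'no item', PHP_EOL;
}
```

Only the first value returns a row; the malformed values never reach the database, and the array case is rejected without raising a type warning that could reveal the install path.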

1 Comments:

Blogger kansok told...

Problems described under (1) and (2) are solved with version 2.0.16, released on 28th May 2006.

- inputs checked
- error messages with SQL-commands and full path information disabled

Greetings,
Andreas Kansok.

2:15 AM

 


 
Copyright (c) 2006 Pridels Sec Crew