QuickEStore 7.9 - SQL Injection and Path Disclosure Download Vulnerability

2009-12-29T00:00:00
ID EDB-ID:10771
Type exploitdb
Reporter indoushka
Modified 2009-12-29T00:00:00

Description

QuickEStore v.7.9 SQL Injection and Path Disclosure Download Vulnerability. Webapps exploit for asp platform

========================================================================================
| # Title    : QuickEStore v.7.9 SQL Injection and Path Disclosure Download Vulnerability|
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       |
| # Bug      : SQL Injection                                                           |
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| Vulnerability description
| Input passed to the "CategoryID" parameter in prodpage.cfm, the "SubCatID" parameter in index.cfm, the "OrderID" parameter in shipping.cfm, and to the "ItemID" parameter in proddetail.cfm is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 
|
| Note that error messages disclose the full installation path. 
|
| Examples:
|/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
|/index.cfm?CFID=1&CFTOKEN=1&SubCatID=[SQL]
|/proddetail.cfm?CFID=1&CFTOKEN=1&ItemID=[SQL]
|/checkout.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|/shipping.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|Confirmed in version 7.9. Other versions may also be affected.
|This vulnerability affects /sm-ak051/prodpage.cfm. 
|The impact of this vulnerability:
|The remote attacker can manipulate SQL queries by injecting arbitrary SQL code.
|Attack details:
|No details.
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) 
* Stake (v4-team) * Angel25dz (hackteatch.com)
-------------------------------------------------------------------------------------------
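The advisory lists five .cfm pages whose integer ID parameters (CategoryID, SubCatID, ItemID, OrderID) reach SQL queries unsanitised, and notes that the resulting error pages disclose the installation path. The following is an added example, not part of indoushka's advisory or of QuickEStore: a Python script that applies the allowlist check a fixed page would need (the ID must be a short run of decimal digits, an assumed bound) and runs the same check over web-server access log lines to surface requests that sent non-integer values to those parameters, flagging 5xx responses on those pages because that is where the path-disclosing error page would have been served. The log lines are constructed for this example, and the `/sm-ak051/` directory is taken from the advisory's own path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and the ID parameters named in the advisory; each is an integer key in the store's database.
VULNERABLE_PARAMS = {
    "/prodpage.cfm": ("CategoryID",),
    "/index.cfm": ("SubCatID",),
    "/proddetail.cfm": ("ItemID",),
    "/checkout.cfm": ("OrderID",),
    "/shipping.cfm": ("OrderID",),
}

# Allowlist for an ID value: one to ten decimal digits and nothing else (assumed bound, not from the advisory).
INTEGER_ID = re.compile(r"\A\d{1,10}\Z")

# Combined Log Format request line: client, timestamp, "METHOD target protocol", status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one benign request per page plus three probes (quote, letters, empty value).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Dec/2009:10:15:01 +0000] "GET /sm-ak051/prodpage.cfm?CFID=1&CFTOKEN=1&CategoryID=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/Dec/2009:10:15:09 +0000] "GET /sm-ak051/prodpage.cfm?CFID=1&CFTOKEN=1&CategoryID=12%27 HTTP/1.1" 500 812',
    '203.0.113.7 - - [29/Dec/2009:10:15:14 +0000] "GET /sm-ak051/proddetail.cfm?CFID=1&CFTOKEN=1&ItemID=abc HTTP/1.1" 200 9980',
    '198.51.100.3 - - [29/Dec/2009:10:16:00 +0000] "GET /sm-ak051/index.cfm?CFID=1&CFTOKEN=1&SubCatID=3 HTTP/1.1" 200 4000',
    '198.51.100.3 - - [29/Dec/2009:10:16:30 +0000] "GET /sm-ak051/shipping.cfm?CFID=&CFTOKEN=&OrderID= HTTP/1.1" 500 790',
]


def is_valid_id(value: str) -> bool:
    """Server-side allowlist check to apply before an ID value is placed in a query."""
    return INTEGER_ID.match(value) is not None


def listed_page(path: str):
    """Return the advisory page name a request path refers to, or None."""
    lowered = path.lower()
    for page in VULNERABLE_PARAMS:
        if lowered.endswith(page):  # the app lives under a subdirectory such as /sm-ak051/
            return page
    return None


def bad_id_params(target: str):
    """Return [(param, decoded value)] for listed ID parameters whose value fails the allowlist."""
    parts = urlsplit(target)
    page = listed_page(parts.path)
    if page is None:
        return []
    # ColdFusion treats URL parameter names case-insensitively, so compare lowercased names.
    query = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    hits = []
    for name in VULNERABLE_PARAMS[page]:
        for raw in query.get(name.lower(), []):
            if not is_valid_id(raw):
                hits.append((name, raw))
    return hits


def scan_log(lines):
    """One finding per request that sent a non-integer value to a listed ID parameter.

    error_page is set when the server answered 5xx, i.e. the request most likely
    produced the error page that discloses the installation path.
    """
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        hits = bad_id_params(m["target"])
        if hits:
            status = int(m["status"])
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "page": listed_page(urlsplit(m["target"]).path),
                "params": hits,
                "status": status,
                "error_page": status >= 500,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['page']} {f['params']} status={f['status']} error_page={f['error_page']}")
```

The same `is_valid_id` check, placed in the page before the query is built, is the fix for both issues at once: a rejected value never reaches the database, so there is neither an injected query nor a database error page to leak the path. On the log side the empty `OrderID=` case is kept on purpose, since the advisory's own example URLs show blank CFID/CFTOKEN values and an empty ID is as much a malformed input as a quoted one.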