Valdersoft Shopping Cart index.php lang Parameter SQL Injection

2005-03-27T22:15:05
ID OSVDB:15053
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-03-27T22:15:05

Description

Vulnerability Description

Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'lang' variable in the index.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 3.0 or higher, obtained from the vendor site on or after March 30, 2005, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

NOTE: The vendor has fixed the vulnerability without changing the version number.

Short Description

Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'lang' variable in the index.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang='SQL_INJECTION

References:

Vendor URL: http://www.valdersoft.com/valdersoft_shopping_cart.php Security Tracker: 1013565 Secunia Advisory ID:14719 Related OSVDB ID: 15051 Related OSVDB ID: 15052 Related OSVDB ID: 15055 Related OSVDB ID: 15054 Related OSVDB ID: 15056 Other Advisory URL: http://www.hackerscenter.com/Archive/view.asp?id=1780 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0470.html ISS X-Force ID: 19848 CVE-2005-0907