Valdersoft Shopping Cart search_result.php Multiple Parameter SQL Injection

2005-03-27T22:15:05
ID OSVDB:15054
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-03-27T22:15:05

Description

Vulnerability Description

Valdersoft Shopping Cart contains a flaw that allows an attacker to inject arbitrary SQL code. The 'searchQuery' and 'searchTopCategoryID' parameters of the search_result.php script are not validated before being used in a database query, so an attacker can inject or manipulate SQL queries.

Solution Description

Upgrade to version 3.0 or higher, obtained from the vendor site on or after March 30, 2005, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

NOTE: The vendor has fixed the vulnerability without changing the version number.

Short Description

Valdersoft Shopping Cart contains a flaw that allows an attacker to inject arbitrary SQL code. The 'searchQuery' and 'searchTopCategoryID' parameters of the search_result.php script are not validated before being used in a database query, so an attacker can inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/store/search_result.php?sid=&searchTopCategoryID=&searchQuery='SQL_INJECTION&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD

http://[victim]/store/search_result.php?sid=CDFE279AC2AD08522DF1CF9B46475132&searchTopCategoryID='SQL_INJECTION&searchQuery=&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
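The following is an added example, not code from Valdersoft Shopping Cart or from the original advisory. It models the flaw described above and exercised by the two test URLs: a search handler that concatenates the 'searchQuery' and 'searchTopCategoryID' request values straight into SQL text, next to a hardened handler that binds parameters and type-checks the numeric category id. The table, column and product names are constructed for the example and are not the product's real schema; SQLite stands in for the shop's database.

```python
import sqlite3


def build_db():
    """Constructed sample catalog (not Valdersoft's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (
            id INTEGER PRIMARY KEY,
            name TEXT,
            category_id INTEGER,
            hidden INTEGER
        );
        INSERT INTO products VALUES (1, 'red widget', 1, 0);
        INSERT INTO products VALUES (2, 'blue widget', 2, 0);
        INSERT INTO products VALUES (3, 'unlisted gadget', 2, 1);
    """)
    return conn


def search_vulnerable(conn, search_query, top_category_id):
    """Mirrors the advisory: both request values are pasted into the SQL text.

    search_query lands inside a quoted LIKE pattern, so a single quote breaks
    out of the string; top_category_id lands unquoted, so no quote is needed.
    """
    sql = ("SELECT id FROM products WHERE hidden = 0 "
           "AND name LIKE '%" + search_query + "%' "
           "AND category_id = " + top_category_id + " ORDER BY id")
    return [row[0] for row in conn.execute(sql).fetchall()]


def probe_breaks_query(conn, probe="'SQL_INJECTION"):
    """The advisory's manual test: a stray quote makes the statement fail to
    parse. A database error on this input is the tell-tale sign of injection."""
    try:
        search_vulnerable(conn, probe, "2")
        return False
    except sqlite3.Error:
        return True


def search_fixed(conn, search_query, top_category_id):
    """Hardened form: the id is validated as an integer and both values are
    passed as bound parameters, never as part of the SQL text."""
    try:
        category = int(top_category_id)
    except (TypeError, ValueError):
        raise ValueError("searchTopCategoryID must be an integer")
    sql = ("SELECT id FROM products WHERE hidden = 0 "
           "AND name LIKE ? AND category_id = ? ORDER BY id")
    params = ("%" + search_query + "%", category)
    return [row[0] for row in conn.execute(sql, params).fetchall()]


if __name__ == "__main__":
    db = build_db()
    print(search_vulnerable(db, "widget", "2"))            # [2]
    print(probe_breaks_query(db))                          # True
    print(search_vulnerable(db, "' OR 1=1 OR '", "2"))     # [1, 2, 3]
    print(search_vulnerable(db, "widget", "2 OR hidden=1"))  # [2, 3]
    print(search_fixed(db, "' OR 1=1 OR '", "2"))          # []
```

The two injected values show why each parameter is a separate finding: the string parameter needs a quote to escape the LIKE pattern, while the numeric one is injectable with plain `OR` because it was never quoted in the first place. Binding parameters fixes both; the `int()` check additionally rejects the numeric payload before the query is even built. Note that `%` and `_` in a bound search term still act as LIKE wildcards, which is a search-scope issue rather than injection.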

References:

Vendor URL: http://www.valdersoft.com/valdersoft_shopping_cart.php
Security Tracker: 1013565
Secunia Advisory ID: 14719
Related OSVDB ID: 15051
Related OSVDB ID: 15052
Related OSVDB ID: 15053
Related OSVDB ID: 15055
Related OSVDB ID: 15056
Other Advisory URL: http://www.hackerscenter.com/Archive/view.asp?id=1780
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0470.html
ISS X-Force ID: 19848
CVE-2005-0907