ProductCart advSearch_h.asp Multiple Parameter SQL Injection

2005-04-04T09:38:47
ID OSVDB:15263
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-04-04T09:38:47

Description

Vulnerability Description

ProductCart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idCategory' and 'resultCnt' variables in the advSearch_h.asp script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ProductCart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idCategory' and 'resultCnt' variables in the advSearch_h.asp script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory='SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab

http://[victim]/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt='SQL_ERROR&keyword=dcrab
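As an added example (not part of this advisory and not ProductCart's own code), a log check a defender can run over web-server access logs: it treats idCategory and resultCnt as integer-only and reports any request to advSearch_h.asp that carries a non-integer value for either, including double-URL-encoded ones. The access-log line format and the IP addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# advSearch_h.asp parameters the advisory says are not verified; a search page
# should only ever receive them as integers, so anything else is worth a look.
INTEGER_PARAMS = ("idCategory", "resultCnt")
TARGET_SCRIPT = "advsearch_h.asp"

_INT_RE = re.compile(r"^-?\d+$")
# Simplified access-log line (constructed format): ip - - [time] "METHOD url HTTP/x" status
_LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')


def is_integer_value(value: str) -> bool:
    """Allow-list check: the whole value must be a decimal integer (blank fails)."""
    return bool(_INT_RE.match(value.strip()))


def suspicious_params(url: str) -> dict:
    """Map each integer-only parameter of an advSearch_h.asp request to the
    non-integer value it carried; an empty dict means the request looks clean."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(TARGET_SCRIPT):
        return {}
    findings = {}
    for name in INTEGER_PARAMS:
        for raw in parse_qs(parts.query, keep_blank_values=True).get(name, []):
            value = unquote(raw)  # parse_qs decoded once; a second pass catches %25xx double encoding
            if not is_integer_value(value):
                findings[name] = value
    return findings


def scan_log(lines):
    """Return one record per log line whose advSearch_h.asp request carries a
    non-integer idCategory or resultCnt value."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and (findings := suspicious_params(m["url"])):
            hits.append({"ip": m["ip"], "status": m["status"], "findings": findings})
    return hits


# Constructed sample traffic: a normal search, a probe against idCategory, a
# double-encoded probe against resultCnt, and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Apr/2005:09:38:47 +0000] "GET /productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=12&idSupplier=10&resultCnt=50&keyword=shoes HTTP/1.1" 200',
    '203.0.113.7 - - [04/Apr/2005:09:40:01 +0000] "GET /productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=%27SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab HTTP/1.1" 500',
    '203.0.113.7 - - [04/Apr/2005:09:40:09 +0000] "GET /productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt=%2527SQL_ERROR&keyword=dcrab HTTP/1.1" 500',
    '203.0.113.9 - - [04/Apr/2005:09:41:00 +0000] "GET /productcart/pc/viewPrd.asp?idproduct=42 HTTP/1.1" 200',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same allow-list check in is_integer_value is the server-side fix the advisory lacks: reject the request unless both values are integers, then bind them as integer parameters rather than concatenating them into the query.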

References:

Vendor URL: http://www.earlyimpact.com
Secunia Advisory ID: 14833
Related OSVDB ID: 15266
Related OSVDB ID: 15267
Related OSVDB ID: 15264
Related OSVDB ID: 15265
Related OSVDB ID: 15268
Other Advisory URL: http://digitalparadox.org/advisories/prodcart.txt
ISS X-Force ID: 15233
CVE ID: CVE-2004-2173
Bugtraq ID: 9669