osCommerce create_account_process.php Multiple Variable SQL Injection

2003-12-16T04:21:18
ID OSVDB:3045
Type osvdb
Reporter OSVDB
Modified 2003-12-16T04:21:18

Description

Vulnerability Description

OScommerce version 2.21ms1 contains a flaw that may allow a malicious user to send specially-crafted SQL statements to the create_account_process.php script. A remote attacker can register and save the form offline and add a SQL statement to the "country" or "product_id" field, which would allow the attacker to add, modify or delete information in the backend database, once the form is loaded back into the browser.

Solution Description

Upgrade to version 2.2ms2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

OScommerce version 2.21ms1 contains a flaw that may allow a malicious user to send specially-crafted SQL statements to the create_account_process.php script. A remote attacker can register and save the form offline and add a SQL statement to the "country" or "product_id" field, which would allow the attacker to add, modify or delete information in the backend database, once the form is loaded back into the browser.

References:

Vendor URL: http://www.oscommerce.com Vendor Specific Advisory URL Secunia Advisory ID:10443 Related OSVDB ID: 3074 Related OSVDB ID: 7367 Other Advisory URL: http://www.gulftech.org/vuln/osCommerce%20SQL%20Injection.txt Other Advisory URL: http://www.securiteam.com/unixfocus/5VP0D2A7FU.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0230.html ISS X-Force ID: 13997 Bugtraq ID: 9211