AutoPartsWarehouse SQL Injection

2009-07-14T00:00:00
ID PACKETSTORM:79186
Type packetstorm
Reporter Gm0
Modified 2009-07-14T00:00:00

Description

==============================================================  
===================[¦¦¦¦TeamQuarantine¦¦¦¦]===================  
===================[¦¦¦¦ 2009 ¦¦¦¦]===================  
============[¦¦¦¦TeamQuarantine@hushmail.com¦¦¦¦]=============  
===================[¦¦¦¦ Author: Gm0 ¦¦¦¦]===================  
==============================================================  
==============[¦¦¦¦ autopartswarehouse.com ¦¦¦¦]==============  
========[¦¦¦¦ SQL Injection Authentication bypass ¦¦¦¦]=======  
==============================================================  
==============================================================  
A Site Note:  
I don't usually post site-specific exploits, but due to the  
fact that they have IGNORED all of our attempts to explain this  
issue to them, I feel they would learn best if more people  
showed them what a problem this could be.   
Be nice... ;)  
  
==============================================================  
======================[¦¦¦¦ USAGE: ¦¦¦¦]======================  
==============================================================  
Vulnerable: https://www.autopartswarehouse.com/myaccount/login/  
  
1) Fire up your favorite HTTP/HTTPS POST/header editor  
(e.g. the Tamper Data Firefox extension)  
  
2) Supply a syntactically valid email address and any password  
(the form's client-side validation requires it), or modify the  
client-side validation with Firebug so it accepts "improper"  
email-address formatting  
  
3) In the intercepted request, set both the 'username' and  
'password' parameter values to  
' OR 1=1--  
(simple, I know, which is why they should be informed)  
  
4) Submit modified request  
  
5) Click 'edit profile' link for proof of logged-in status  
(https://www.autopartswarehouse.com/myaccount/edit_profile/)  
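The following is an added example, not code from the advisory or from the site: a minimal sqlite3-backed login routine that reproduces the class of bypass described in steps 3 and 5, placed beside the parameterized version that stops it. The table, the sample user, and the query shape are constructed for illustration; the advisory does not publish the site's actual query, so the exact SQL the site runs is an assumption.

```python
"""
Added example (not from the original advisory): why ' OR 1=1-- in both
login fields logs the attacker in when the query is built by string
concatenation, and why binding the values as parameters defeats it.
The schema, user and query are constructed for this demo.
"""
import sqlite3

# The value the advisory supplies for both the username and password fields.
PAYLOAD = "' OR 1=1--"


def make_db():
    # Constructed sample data. A real application would store a password
    # hash, not the plaintext; the comparison shape is what matters here.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, password) "
        "VALUES ('alice@example.com', 'correct horse')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Assumed vulnerable pattern: user input spliced into the statement.
    # The leading quote closes the email literal, OR 1=1 makes the WHERE
    # clause true for every row, and -- comments out the password check.
    sql = (
        "SELECT id, email FROM users WHERE email = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    # Parameterized query: the payload is bound as data and is never
    # parsed as SQL, so the same input simply matches no row.
    sql = "SELECT id, email FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    # Returns the row each login attempt yields (None means rejected).
    conn = make_db()
    return {
        "vulnerable_with_payload": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        "safe_with_payload": login_safe(conn, PAYLOAD, PAYLOAD),
        "safe_with_real_creds": login_safe(conn, "alice@example.com", "correct horse"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, "->", "logged in as " + row[1] if row else "rejected")
```

Run it as-is: the concatenated query returns the first user in the table for the injected input, which is the "logged-in status" the advisory's step 5 confirms through the edit-profile page; the parameterized query returns nothing for the same input and only succeeds with the real credentials.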
  
==============================================================  
====================[¦¦¦¦ FINAL WORD ¦¦¦¦]====================  
==============================================================  
I _KNOW_ more can be done with this.  
Explore, learn, have fun. (be responsible)  
Maybe now they will take notice . . .  
  
==============================================================  
======================[¦¦¦¦ SHOUTZ ¦¦¦¦]======================  
==============================================================  
Everyone at TeamQuarantine  
Including _YOU_ A.G.  
But certainly not J.L.  
  
HA!