IXXO Cart SQL Injection

Date: 28 Jul 2009 | Reported by: SmOk3 | Type: packetstorm | Source: packetstormsecurity.com

IXXO Cart SQL injection vulnerability in the "parent" variable

Code

Original advisory at:  
http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/  
  
Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection  
Vendor: IXXO Internet Solutions  
Status: Patched by vendor  
  
IXXO Cart!  
IXXO Cart is an extremely powerful php shopping cart and web site  
builder application. Designed from a marketing perspective, this  
ecommerce application is feature-packed, robust, scalable and easy to  
use. IXXO Cart Plus is the clear choice for serious merchants focused  
on rapidly and cost effectively deploying, managing and growing a  
successful web-based business.  
New users appreciate the easy-to-use tools designed to help set up  
their store quickly and effectively while experienced users love the  
ability to customize and manage our software to meet the needs of  
their growing business.  
  
Description  
This widely used PHP store is vulnerable to SQL injection in the "parent" variable.  
Injecting a specific combination of SQL commands causes the application to execute  
a modified SQL query, and the resulting responses can reveal database details  
(such as the number of columns in the query) that help a malicious user  
build a valid, complete injection.  
  
Proof of concept  
parent=1%27)%20order%20by%203/*  
  
Impact  
A malicious user could manipulate SQL queries by injecting arbitrary  
SQL code and return private information.  
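As an added illustration (not part of the advisory and not IXXO Cart's own code), the following Python/sqlite3 model shows why the advisory's proof-of-concept value is dangerous when the "parent" request parameter is interpolated into a query, and how validating and binding the parameter removes the problem. The table name `categories`, its rows, and the function names are constructed for this example and are assumptions, not anything from the product.

```python
import sqlite3
from urllib.parse import unquote

# Proof-of-concept value from the advisory, URL-decoded: 1') order by 3/*
POC_PARENT = unquote("1%27)%20order%20by%203/*")


def make_db():
    """Constructed stand-in for a cart's category table (assumption, not IXXO's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, parent INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO categories VALUES (?, ?, ?)",
        [(1, 0, "root"), (2, 1, "books"), (3, 1, "music")],
    )
    conn.commit()
    return conn


def list_children_vulnerable(conn, parent):
    """Interpolates the request value straight into SQL (the defect class in the advisory).

    The closing quote and parenthesis in the proof-of-concept value terminate the
    intended expression, the appended ORDER BY becomes part of the statement, and
    the trailing /* comments out whatever the application put after it.  Because
    the statement's structure now depends on the input, the database reports an
    error (here: an ORDER BY term that does not match the column count) instead
    of quietly returning rows, which is exactly the signal the advisory describes.
    """
    sql = "SELECT id, name FROM categories WHERE parent IN ('%s')" % parent
    return conn.execute(sql).fetchall()


def list_children_hardened(conn, parent):
    """Validates the parameter as an integer id, then binds it as a query parameter.

    Binding keeps the value out of the SQL grammar entirely; the integer check
    additionally rejects anything that is not a plausible category id up front.
    """
    if not str(parent).isdigit():
        raise ValueError("parent must be a non-negative integer id")
    return conn.execute(
        "SELECT id, name FROM categories WHERE parent = ?", (int(parent),)
    ).fetchall()


def probe_outcome(fn, conn, value):
    """Run a lookup and report either the rows or the class of error it raised."""
    try:
        return ("rows", fn(conn, value))
    except (sqlite3.OperationalError, ValueError) as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    for fn in (list_children_vulnerable, list_children_hardened):
        print(fn.__name__, "normal:", probe_outcome(fn, make_db(), "1"))
        print(fn.__name__, "poc:   ", probe_outcome(fn, make_db(), POC_PARENT))
```

Both functions return the same rows for a normal id. For the proof-of-concept value the interpolating version lets the input rewrite the statement and the database errors out, while the hardened version refuses the value before any SQL is built; even without the integer check, a bound parameter would simply be compared as a literal string and match nothing.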
  
Time-line  
June 2, 2009 – First contact by contact form  
June 17, 2009 – Second contact by email  
June 17, 2009 – Reply from vendor  
June 18, 2009 – Vendor reported that only standalone version and  
Joomla 1.0.x component are vulnerable  
June 24, 2009 – Vendor asked for more time to patch and warn their  
clients about this vulnerability  
June 25, 2009 – Vendor released 3.9.6.1 and updated demo versions  
on their site  
July 20, 2009 – Third contact to check the status  
July 25, 2009 – Advisory goes public  
  
Disclosed  
Not yet published in any database  
