Web-Ideas Web Shop Standard SQL Injection

2010-08-31T00:00:00
ID PACKETSTORM:93343
Type packetstorm
Reporter Ariko-Security
Modified 2010-08-31T00:00:00

Description

                                        
                                            `# Exploit Title: [SQL injection in web-ideas web shop standard]  
# Date: [31.08.2010]  
# Author: [Ariko-Security]  
# Software Link: [ http://www.web-ideas.com.au/web-shop_standard]  
# Version: [ALL]  
# Tested on: [ALL]  
# CVE : [n/a]  
  
# Ariko-Security: Security Audits , Audyt bezpieczeństwa  
# Advisory: 728/2010  
  
============ { Ariko-Security - Advisory #2/8/2010 } =============  
  
SQL injection in web-ideas web shop standard  
  
Vendor's Description of Software:  
# http://www.web-ideas.com.au/web-shop_standard  
  
Dork:  
# N/A  
  
Application Info:  
# Name: web-ideas web shop standard  
# ALL versions  
  
Vulnerability Info:  
# Type: SQL injection  
  
Time Table:  
# 22/08/2010 - Vendor notified.  
  
Fix:  
# n/a  
  
Input passed via the "page" parameter to index.php is not properly  
  
sanitised before being used in a SQL query.  
  
Input passed to the "ps_session" cookie parameter is not properly  
  
sanitised before being used in a SQL query.  
  
  
Solution:  
# Input validation of page and ps_session parameters should be corrected.  
  
Vulnerability:  
# http://[site]/index.php?action=showgal&cat=5&page=[SQLi]  
# http://[site]/index.php  
# cookie: ps_session=[SQLi]  
  
Credit:  
# Discoverd By: Maciej Gojny / Ariko-Security 2010  
# http://advisories.ariko-security.com/august/audyt_bezpieczenstwa_728.html  
  
--   
Ariko-Secuirty  
  
`