Web4Future eCommerce Enterprise Edition v2.1 SQL inj. vuln.

2005-12-05T00:00:00
ID SECURITYVULNS:DOC:10519
Type securityvulns
Reporter Securityvulns
Modified 2005-12-05T00:00:00

Description

Web4Future eCommerce Enterprise Edition v2.1 SQL inj. vuln.
Vuln. discovered by: r0t
Date: 5 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/ecommerce-enterprise-edition-sql-inj.html
Vendor: http://www.web4future.com/products.php?p=ecomm
Affected version: v2.1 and prior

Product Description: A fully template-driven system that can be used to sell any kind of product, from computers, household items, downloadable goods, services and groceries to cars and real estate.

Vuln. Description:

Input passed to the "prod" and "brid" parameters in "view.php", the "bid" parameter in "viewbrands.php" and the "grp" and "cat" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:
/view.php?prod=[SQL]
/viewbrands.php?bid=[SQL]
/view.php?prod=1010001&brid=[SQL]
/index.php?action=ViewGroups&grp=[SQL]
/index.php?action=ViewCategories&cat=[SQL]

Solution: Edit the source code to ensure that input is properly sanitised.
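The advisory publishes no source, so the following is an added illustration (not Web4Future's code) of the defect it describes for "view.php": a hypothetical query that interpolates the "prod" and "brid" values directly, beside a hardened version that validates both IDs as integers and binds them through PDO prepared statements. The table and column names, and the use of PDO, are assumptions.

```php
<?php
// Added example, not Web4Future's code. Table and column names are assumed.

// Vulnerable pattern described in the advisory: the GET values are pasted
// straight into the SQL string, so whatever arrives in ?prod= or ?brid=
// is parsed by the database as part of the query.
function product_query_vulnerable(array $get): string
{
    $prod = $get['prod'] ?? '';
    $brid = $get['brid'] ?? '';
    return "SELECT * FROM products WHERE prod_id = '$prod' AND brand_id = '$brid'";
}

// Hardened version: both IDs must be integers, and they are passed to the
// database as bound parameters, never as text inside the statement.
function product_query_safe(PDO $pdo, array $get): ?array
{
    $prod = filter_var($get['prod'] ?? null, FILTER_VALIDATE_INT);
    $brid = filter_var($get['brid'] ?? null, FILTER_VALIDATE_INT);
    if ($prod === false || $brid === false) {
        http_response_code(400);   // reject bad input instead of "cleaning" it
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT * FROM products WHERE prod_id = :prod AND brand_id = :brid'
    );
    $stmt->bindValue(':prod', $prod, PDO::PARAM_INT);
    $stmt->bindValue(':brid', $brid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The same rule covers "bid" in viewbrands.php and "grp"/"cat" in index.php:
// every request value that reaches a query is validated and bound, not concatenated.
```

With the hardened version, a non-numeric "prod" or "brid" never reaches the database at all, which is the check the advisory's "Solution" line asks for.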