APT-webshop-system vuln.

2006-04-10T00:00:00
ID SECURITYVULNS:DOC:12114
Type securityvulns
Reporter Securityvulns
Modified 2006-04-10T00:00:00

Description

APT-webshop-system vuln.

Vuln. discovered by : r0t Date: 9 april 2006 vendor:http://www.apt-webservice.de/shopsoftware/ affected versions: 4.0 PRO 3.0 BASIC 3.0 LIGHT orginal advisory: http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html

Vuln. description:

  1. SQL injection vuln.

APT-webshop-system contains a flaws that allows a remote sql injection attacks.Input passed to the "group","seite","id" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/modules.php?warp=artikel&group=[SQL] /modules.php?warp=artikel&group=&seite=[SQL] /modules.php?warp=artikel&group=&seite=&id=[SQL]

  1. Full Path Disclosure

An attacker can get full install path by testing SQL attack vuln.

+

Bonnus:

/modules.php?warp=File

&

/modules.php?warp=basket&message=%3Cli%3E%3Ca% 20href=http://r0t.in/%3EUNSECURED%20SYSTEMS%3 C/a%3E%3C/li%3E

Solution: Edit the source code to ensure that input is properly sanitised.

More information @ unsecured-systems.com/forum/