Vuln. discovered by: r0t
Date: 20 April 2006
Vendor link: http://www.x-cart.com/
Affected versions:
X-Cart Gold v4.0.18
X-Cart Pro v4.0.18
X-Cart 4.1.0 beta 1 and prior versions can also be affected.
Original advisory: http://pridels.blogspot.com/2006/04/x-cart-sql-inj-vuln.html

Vuln. Description:

X-Cart contains a flaw that allows remote SQL injection attacks. Input passed to the search module parameters in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

To prove the vuln:

Enter ' in the search field and choose "search in: Detailed description" or "Search also in: ISBN" in the submenu.

Solution: Edit the source code to ensure that input is properly sanitised.
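
The fix described above, shown as an added example that is not X-Cart's code or part of the original advisory: a search query built by string concatenation next to the same query with the term bound as a parameter. The in-memory SQLite database, the `products` table, the `descr` column and the function names `search_unsafe` / `search_safe` are assumptions made for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, descr TEXT)");
$db->exec("INSERT INTO products (title, descr) VALUES
    ('Pocket guide', 'A reader''s handbook'),
    ('Desk lamp', 'Adjustable LED lamp')");

// Before: the search term becomes part of the SQL text, so a quote
// character in the term changes the structure of the statement.
function search_unsafe(PDO $db, string $term): array {
    $sql = "SELECT id, title FROM products WHERE descr LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement text is fixed and the term is sent as bound data.
// LIKE wildcards typed by the user are escaped so they match literally.
function search_safe(PDO $db, string $term): array {
    $escaped = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    // ESCAPE '\' is SQLite syntax; other databases may need a different literal.
    $stmt = $db->prepare(
        "SELECT id, title FROM products WHERE descr LIKE :pat ESCAPE '\\'"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run both versions with an ordinary term and with the single quote
// used as the test input in the advisory.
foreach (["lamp", "'"] as $term) {
    $label = json_encode($term);
    try {
        $rows = count(search_unsafe($db, $term));
        echo "unsafe($label): $rows row(s)\n";
    } catch (PDOException $e) {
        echo "unsafe($label): SQL error, the input altered the query syntax\n";
    }
    echo "safe($label): " . count(search_safe($db, $term)) . " row(s)\n";
}
```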

More information @ unsecured-systems.com/forum/