X-Cart SQL inj. vuln.
Vuln. discovered by : r0t Date: 20 april 2006 vendorlink:http://www.x-cart.com/ affected versions: X-Cart Gold v4.0.18 X-Cart Pro v4.0.18 X-Cart 4.1.0 beta 1 and prior versions also can be affected . orginal advisory: http://pridels.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
X-cart contains a flaw that allows a remote sql injection attacks.Inputpassed to the search module paremeters in " search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
To proof vuln:
Enter in search field ' and chose in submenu "search in: Detailed description" or "Search also in: ISBN".
Solution: Edit the source code to ensure that input is properly sanitised.
More information @ unsecured-systems.com/forum/