Name              Squirrelcart PRO
Vendor            http://www.squirrelcart.com
Versions Affected 3.0.0
Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2010-10-21
A) Blind SQL Injection
______________________
The prod_rn parameter in index.php is not properly
sanitised before being used in a SQL query when
add_to_cart is set to a positive value. This can be
exploited to manipulate SQL queries by injecting
arbitrary SQL code. Exploiting this vulnerability does
not require being logged in. Successful exploitation
requires that the first part of the injection (271 in
the sample code) be a valid product number (see the
products list).
IV. SAMPLE CODE
_______________
A) Blind SQL Injection
http://site/path/index.php?add_to_cart=10&prod_rn=271 AND (SELECT(IF(0x41=0x41, BENCHMARK(9999999999,NULL),NULL)))
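One way to spot this request pattern in web server logs, as an added example that is not part of the original advisory or of Squirrelcart: it flags index.php requests where add_to_cart is present and prod_rn carries anything after the product number. The combined access log format, the /store/ path and the function names are assumptions, and the log lines are constructed around the advisory's own sample.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# prod_rn is a product number: leading digits, then whatever was appended to them.
PRODUCT_RE = re.compile(r'([0-9]*)(.*)', re.DOTALL)
# Delay functions typical of time-based blind probing (BENCHMARK is in the sample).
TIMING_RE = re.compile(r'\b(?:benchmark|sleep)\s*\(', re.IGNORECASE)


def inspect_target(target):
    """Return a finding dict for a suspicious add-to-cart request, else None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    # Presence of add_to_cart is checked, not its value, so odd encodings are not missed.
    if not parts.path.endswith("index.php") or "add_to_cart" not in params:
        return None
    for value in params.get("prod_rn", []):
        prefix, trailer = PRODUCT_RE.fullmatch(value).groups()
        if trailer:  # anything beyond the digits is not a product number
            return {"product": prefix, "trailer": trailer.strip(),
                    "timing": bool(TIMING_RE.search(trailer))}
    return None


def scan(log_lines):
    """Return (line_number, finding) for every flagged log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        finding = inspect_target(match.group(1)) if match else None
        if finding:
            hits.append((number, finding))
    return hits


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Oct/2010:10:00:01 +0000] "GET /store/index.php?add_to_cart=10&prod_rn=271 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Oct/2010:10:00:07 +0000] "GET /store/index.php?add_to_cart=10&prod_rn=271%20AND%20(SELECT(IF(0x41%3D0x41,%20BENCHMARK(9999999999,NULL),NULL))) HTTP/1.1" 200 5120',
    '192.0.2.10 - - [21/Oct/2010:10:00:09 +0000] "GET /store/index.php?show_cart=1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string delivery only. The same digits-only rule on prod_rn can serve as a request filter in front of the application.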
Friday, October 22, 2010
Squirrelcart PRO 3.0.0 Blind SQL Injection Vulnerability
About Me
- About Zer0-0ne
- A blog for information security research and development, intended for posting the latest vulnerabilities and weaknesses. Founder darknessn1k0!4