Online Store Kit Input Validation Flaws in Several Scripts Permits SQL Injection
SecurityTracker Alert ID: 1009092|
SecurityTracker URL: http://securitytracker.com/id/1009092
(Links to External Site)
Updated: Mar 23 2004|
Original Entry Date: Feb 18 2004
Disclosure of user information, Execution of arbitrary code via network|
Exploit Included: Yes |
G00db0y from Zone-h Security Labs reported several input validation vulnerabilities in Online Store Kit. A remote user can inject SQL commands.|
It is reported that several of the product's scripts do not properly validate user-supplied input, including 'shop.php', 'shop_by_brand.php', and 'listing.php'. A remote user can request a specially crafted URL to cause SQL commands to be executed by the underlying database. A remote user can exploit this to gain information from the database, the report said.
Some demonstration exploit URLs are provided:
The vendor has reportedly been notified.
A remote user can inject SQL commands to be executed by the underlying database.|
No solution was available at the time of this entry.|
Vendor URL: www.ecommerce.com/ (Links to External Site)
Input validation error|
|Underlying OS: Linux (Any), UNIX (Any), Windows (Any)|
Source Message Contents
Subject: ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities|
ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store
Kit 3.0 Products (Lite - Standard and Pro)
Published: 17 february 2004
Released: 17 february 2004
Name: Online Store Kit Products (Lite - Standard - Pro)
Affected Systems: 3.0
Issue: Sql Injection Vulnerability
Author: G00db0y from Zone-h Security Labs - firstname.lastname@example.org - email@example.com
Zone-h Security Team has discovered multiple flaws in Online Store Kit 3.0 Products (Lite
- Standard - Pro). There are multiple vulnerabilities in the current version of Online
Store Kit Lite that allows an attacker to disclose sensitive information that could be
used to gain unauthorized access.
Online Store Kit 3.0 Lite:"That pretty much says it all when it comes to the Online Store
Kit 3.0 Lite. To sum it up, this package includes all of the features that are essential
for a usable shopping cart with uninterrupted functioning. If your e-commerce needs don't
go far, but the products/services you offer have the demand, this package is for you.
Please, note, that all the packages include core features and have room for additional
features. The core features are included in every package, and provide a solid base for
building a successful e-store. The functionality and the quantity of additional features
depend on the package you choose."
Online Store Kit 3.0 Standard: "Going with the standard is always a good thing; especially
when it comes to making a profit. When your store goes online, you should attract visitors
not only with the assortment of the products and services you offer, but also with a
dynamic and friendly sales atmosphere. If organized with Online Store Kit 3.0 Standard,
your e-store will include all the basic features plus advanced functionality, enabling a
powerful and profit-generating virtual shop."
Online Store Kit 3.0 Pro: "Intense research, development and testing has brought us to
what we call the Online Store Kit 3.0 Pro. The features which enable a comprehensive
procedure for purchasing, taxation calculation, shipping and handling, and payment methods
are the hallmarks of this professional package. Please, note, that all the packages
include core features and additional ones."
The problems exist due to insufficient sanitization of user-supplied data. A remote
attacker may exploit these issues to influence SQL query logic to disclose sensitive
information that could be used to gain unauthorized access.
For example try this:
The vendor has been contacted and a patch was not yet produced.
G00db0y from Zone-h Security Labs - firstname.lastname@example.org - email@example.com