SecurityTracker.com
Category:   Application (Commerce)  >   Online Store Kit
Vendors:   Ecommerce Corporation
Online Store Kit Input Validation Flaws in Several Scripts Permit SQL Injection
SecurityTracker Alert ID:  1009092
SecurityTracker URL:  http://securitytracker.com/id/1009092
CVE Reference:   CVE-2004-0300
Updated:  Mar 23 2004
Original Entry Date:  Feb 18 2004
Impact:   Disclosure of user information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 3.0
Description:   G00db0y from Zone-h Security Labs reported several input validation vulnerabilities in Online Store Kit. A remote user can inject SQL commands.

It is reported that several of the product's scripts do not properly validate user-supplied input, including 'shop.php', 'shop_by_brand.php', and 'listing.php'. A remote user can request a specially crafted URL to cause SQL commands to be executed by the underlying database. A remote user can exploit this to gain information from the database, the report said.

Some demonstration exploit URLs are provided:

http://[target]/directory/shop.php?cat=[query]
http://[target]/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
http://[target]/directory/listing.php?id=[query]

The vendor has reportedly been notified.

Impact:   A remote user can inject SQL commands to be executed by the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ecommerce.com/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  ZH2004-07SA (security advisory): Multiple SQL injection vulnerabilities


ZH2004-07SA (security advisory): Multiple SQL injection vulnerabilities in Online Store 
Kit 3.0 Products (Lite - Standard and Pro)

Published: 17 February 2004

Released: 17 February 2004

Name: Online Store Kit Products (Lite - Standard - Pro)

Affected Systems: 3.0

Issue: SQL Injection Vulnerability

Author: G00db0y from Zone-h Security Labs - zetalabs@zone-h.org - g00db0y@zone-h.org

Vendor: http://www.ecommerce.com




Description

***********

Zone-h Security Team has discovered multiple flaws in Online Store Kit 3.0 Products (Lite 
- Standard - Pro). There are multiple vulnerabilities in the current version of Online 
Store Kit Lite that allow an attacker to disclose sensitive information that could be 
used to gain unauthorized access.
Online Store Kit 3.0 Lite: "That pretty much says it all when it comes to the Online Store 
Kit 3.0 Lite. To sum it up, this package includes all of the features that are essential 
for a usable shopping cart with uninterrupted functioning. If your e-commerce needs don't 
go far, but the products/services you offer have the demand, this package is for you.
Please, note, that all the packages include core features and have room for additional 
features. The core features are included in every package, and provide a solid base for 
building a successful e-store. The functionality and the quantity of additional features 
depend on the package you choose."
Online Store Kit 3.0 Standard: "Going with the standard is always a good thing; especially 
when it comes to making a profit. When your store goes online, you should attract visitors 
not only with the assortment of the products and services you offer, but also with a 
dynamic and friendly sales atmosphere. If organized with Online Store Kit 3.0 Standard, 
your e-store will include all the basic features plus advanced functionality, enabling a 
powerful and profit-generating virtual shop."
Online Store Kit 3.0 Pro: "Intense research, development and testing has brought us to 
what we call the Online Store Kit 3.0 Pro. The features which enable a comprehensive 
procedure for purchasing, taxation calculation, shipping and handling, and payment methods 
are the hallmarks of this professional package. Please, note, that all the packages 
include core features and additional ones."






Details

*******


The problems exist due to insufficient sanitization of user-supplied data. A remote 
attacker may exploit these issues to influence SQL query logic to disclose sensitive 
information that could be used to gain unauthorized access.

For example try this:

http://address/directory/shop.php?cat=[query]
http://address/directory/more.php?id=[query]
http://address/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
http://address/directory/listing.php?id=[query]




Solution:

*********

The vendor has been contacted and a patch was not yet produced.



G00db0y from Zone-h Security Labs - zetalabs@zone-h.org - g00db0y@zone-h.org


Original advisory:

********************

http://www.zone-h.org/en/advisories/read/id=3972/
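
An added triage example (not part of the SecurityTracker entry or the Zone-h advisory): with no vendor fix available, web access logs can be checked for requests to the four listed scripts whose named parameter carries anything other than a plain identifier. The combined log format, the identifier pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs named in the advisory.
AFFECTED = {
    "shop.php": "cat",
    "more.php": "id",
    "shop_by_brand.php": "cat_manufacturer",
    "listing.php": "id",
}
# Assumption: legitimate values are plain identifiers (letters, digits, "_", "-").
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]*")
# Assumption: Apache/nginx combined log format; this matches its request line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return [(script, param, decoded_value)] for values outside SAFE_VALUE."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = AFFECTED.get(script)
    if param is None:
        return []
    # parse_qs percent-decodes each value before it is checked.
    values = parse_qs(parts.query).get(param, [])
    return [(script, param, v) for v in values if not SAFE_VALUE.fullmatch(v)]


def triage(log_lines):
    """Yield (client_ip, script, param, value) for each flagged request."""
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for script, param, value in suspicious_params(m.group(1)):
            yield client, script, param, value


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2004:10:00:01 +0000] "GET /store/shop.php?cat=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Feb/2004:10:00:05 +0000] "GET /store/listing.php?id=4%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [18/Feb/2004:10:00:09 +0000] "GET /store/lite/shop_by_brand.php?cat_manufacturer=3+OR+1%3D1 HTTP/1.1" 200 9001',
    '192.0.2.10 - - [18/Feb/2004:10:00:12 +0000] "GET /store/index.php?id=4%27 HTTP/1.1" 200 800',
]
if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

The same allow-list check can be placed in front of the application as a request filter; tighten SAFE_VALUE to digits only if the store's category and item IDs are known to be numeric.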


 
 

