SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   MX Shop Vendors:   InterAKT
MX Shop Input Validation Bugs in the 'pages' Module Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1014932
SecurityTracker URL:  http://securitytracker.com/id/1014932
CVE Reference:   CVE-2005-3004   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 19 2005
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 3.2.0
Description:   David Sopas Ferreira (SmOk3) reported a vulnerability in MX Shop. A remote user can inject SQL commands.

The 'pages' module does not properly validate user-supplied input in the 'idp', 'id_ctg', and 'id_prd' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

/index.php?mod=pages&idp='[SQL INJECTION]
/index.php?mod=pages&id_ctg='[SQL INJECTION]
/index.php?mod=pages&id_prd='[SQL INJECTION]

The original advisory is available at:

http://www.systemsecure.org/ssforum/viewtopic.php?t=250

[Editor's note: An input validation vulnerability in the 'id_ctg' parameter was previously reported by Diabolic Crab in April 2005 (Alert ID 1013620), but was reported to affect the 'category' module.]

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.interaktonline.com/Products/Web-Applications/MXShop/Overview/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SS#15092005 - MX Shop 3.2.0 SQL Injection

ORIGINAL ADVISORY: http://www.systemsecure.org/ssforum/viewtopic.php?t=250

#------------------------------------- # Ref: SS#15092005
# SYSTEMSECURE.ORG - Advisory/Exploit
#
# * PUBLIC ADVISORY *
#
#-------------------------------------



[david at systemsecure.org]



-- ! Description !--
Vendor product description: "For Dreamweaver MX PHP developers who wish to create integrated e-commerce
applications (front-end and back-end), MX Shop is the solution. It is an "out of the box" dynamic web
application, providing an 'assembly line'-type approach to creating e-shops. Unlike most e-commerce
applications that do not provide Dreamweaver integration, our product is designed for seamless integration
and editing in Studio MX and MX Kollection, allowing you to visually change most of the shop application
logic and product properties."

This PHP e-commerce script is vulnerable to some SQL Injections. Impact An unauthenticated attacker may
execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of database
and expose sensitive information.



/index.php?mod=pages&id_ctg='[SQL INJECTION]
/index.php?mod=pages&id_prd='[SQL INJECTION]


-- ! Solution !--
The script should filter metacharacters from user input.


<base64>Rm9y52EgUG9ydHVnYWw=</base64>

# -EOF-
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC