Category:   Application (Commerce)  >   VirtuaStore
Vendors:   Grupo Virtua Developer
VirtuaStore Input Validation Flaw Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1016421
SecurityTracker URL:
CVE Reference:   CVE-2006-3402, CVE-2006-3487, CVE-2006-3488
Updated:  Aug 12 2008
Original Entry Date:  Jul 3 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.0
Description:   supermalhacao of spykids reported a vulnerability in VirtuaStore. A remote user can inject SQL commands.

The administrative interface does not properly validate user-supplied input in the 'password' field. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit password value is provided:

123456 / ' or 1=1
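
The input-handling flaw described above, as an added example (not VirtuaStore's code and not part of the original advisory): it passes the advisory's `' or 1=1` password value to a concatenated query and to a parameterized one. An in-memory SQLite database stands in for the product's database, and the table, column, login and function names are hypothetical.

```python
import sqlite3

PAGE_VALUE = "' or 1=1"  # password value quoted in the advisory


def make_db():
    # Constructed stand-in for the admin table; the real schema is not on the page.
    # The password is stored in plaintext only to keep the comparison short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (login TEXT, password TEXT)")
    db.execute("INSERT INTO admin VALUES ('admin-constructed', 'pw-constructed')")
    return db


def login_concatenated(db, login, password):
    """Flawed pattern: user input is spliced into the SQL text."""
    sql = ("SELECT login FROM admin WHERE login='" + login +
           "' AND password='" + password + "'")
    try:
        return "accepted" if db.execute(sql).fetchone() else "rejected"
    except sqlite3.OperationalError:
        # The quote in the input closed the string literal early, so the
        # remainder of the value reached the SQL parser as syntax.
        return "sql-altered"


def login_parameterized(db, login, password):
    """Hardened pattern: placeholders keep the input as data only."""
    sql = "SELECT login FROM admin WHERE login=? AND password=?"
    row = db.execute(sql, (login, password)).fetchone()
    return "accepted" if row else "rejected"


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, "->", fn(db, "admin-constructed", PAGE_VALUE))
```

With bound parameters the value is compared as a literal string and the login is simply rejected; in the concatenated form the same value changes the statement the database parses.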

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Vulnerability Virtuastore

Malicious people to compromise a vulnerable system
Vulnerability Virtuastore (SQL Injection - mdb vulnerability)
Version(s): 2.0
Vendor Confirmed:  Yes  
Underlying OS: Windows
Log server (File manager)
Link browser attacker\dominios\
Download mdb intrusion server
The vulnerability has been confirmed in all versions

