Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Midicart sql injection

From: crazy frog crazy frog <i.m.crazy.frog () gmail com>
Date: Sat, 12 Nov 2005 23:35:02 +0530
Midicart sql injection
==================

product description(from site):-
==================
MidiCart is a Try-Before-You-Buy Shopping Cart Software, that provides
all you need to create, operate, and maintain a professional Internet
shop. MidiCart ASP and PHP Shopping Cart is extremely easy to use,
flexible, powerful and affordable e-commerce solution for your web
site.

details:-
=======
there exists a vulnerability query string in search_list.asp
file,which is vulerable to sql injection attack.an attacker can run
any arbitary query.

How to determine:-
=================
enter following query in to search box:-
1' union select * from products'
this will list all the products.it mean the installation is vulnerable.

workaround:-
===========
santinize the input supplied.it is stored in a variable named "searchstring".

--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"

--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"
Previous By Date Next
Previous By Thread Next

Current thread: