| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49BDD93B.7030504@ngenuity-is.com>
Date: Sun, 15 Mar 2009 21:44:43 -0700
From: Adam Baldwin <adam_baldwin@...nuity-is.com>
To: bugtraq@...urityfocus.com
Subject: NGENUITY-2009-005 OpenCart Order By Blind SQL Injection
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection
Application: OpenCart 1.1.8
Vendor: OpenCart
Vendor website: http://www.opencart.com <http://www.chambermaster.com>
Author: Adam Baldwin (adam_baldwin@...nuity-is.com)
I. BACKGROUND
"OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce
solution for Internet merchants with the ability to create their own online business and
participate in e-commerce at a minimal cost."[1]
II. DETAILS
An SQL Injection vulnerability exists within OpenCart that can be exploited using blind
injection. This vulnerability exists due to the "order" URL parameter not being properly
sanitized.
This vulnerability can be exploited by an unauthenticated attacker giving them the ability
to access any data within the OpenCart database. This may include but is not limited to
Usernames, Unsalted MD5 password hashes, and payment gateway credentials.
III. REFERENCES
[1] - http://www.opencart.com
IV. VENDOR COMMUNICATION
3.10.2009 - Vulnerability Discovery
3.10.2009 - Vendor Notification
3.10.2009 - Vendor response stating that this is fixed in version 1.1.9
3.15.2009 - Version 1.1.9 released.
Copyright (c) 2009 nGenuity Information Services, LLC
Powered by blists - more mailing lists