| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Dec 2009 23:06:41 -0500 From: Packet Storm <bugtraq@...ketstormsecurity.org> To: Salvatore Fresta aka Drosophila <drosophilaxxx@...il.com> Cc: Bugtraq <bugtraq@...urityfocus.com> Subject: Re: E-Store SQL Injection Vulnerability Previously discovered: http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By <a href="mailto:trt-turk[at]hotmail.com">ZoRLu</a> On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote: > E-Store SQL Injection Vulnerability > > Name E-Store > Vendor http://www.getaphpsite.com > > Author Salvatore Fresta aka Drosophila > Website http://www.salvatorefresta.net > Contact salvatorefresta [at] gmail [dot] com > Date 2009-09-03 > > X. INDEX > > I. ABOUT THE APPLICATION > II. DESCRIPTION > III. ANALYSIS > IV. SAMPLE CODE > V. FIX > VI. DISCLOSURE TIMELINE > > > I. ABOUT THE APPLICATION > > E-Store is a commercial PHP e-commerce. > > > II. DESCRIPTION > > This application presents a SQL Injection bug. > > > III. ANALYSIS > > Summary: > > A) SQL Injection > > A) SQL Injection > > The GET where parameter passed to SearchResults.php has not > properly sanitised. Because of the affected query, the Magic > Quotes GPC flag (php.in) may be on. > > > IV. SAMPLE CODE > > http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION > ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go! > > > V. FIX > > No patch.
Powered by blists - more mailing lists