lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <875432850907251729o62d46769u4614dd05064be659@mail.gmail.com>
Date: Sun, 26 Jul 2009 06:59:10 +0630
From: YEHG Group <lists@...g.net>
To: SmOk3 <smok3f00@...il.com>
Cc: vuln@...unia.com, Vuln@...irt.com, Vuln@...tik.com,
	full-disclosure@...ts.grok.org.uk, bugs@...uritytracker.com,
	bugtraq@...urityfocus.com, vuldb@...urityfocus.com
Subject: Re: IXXO Cart! Standalone and Joomla Component
	SQL Injection

Thanks, I'll update the database of
http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00@...il.com> wrote:
> Original advisory at:
> http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/
>
> Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection
> Vendor: IXXO Internet Solutions
> Status: Patched by vendor
>
> IXXO Cart!
> IXXO Cart is an extremely powerful php shopping cart and web site
> builder application. Designed from a marketing perspective, this
> ecommerce application is feature-packed, robust, scalable and easy to
> use. IXXO Cart Plus is the clear choice for serious merchants focused
> on rapidly and cost effectively deploying, managing and growing a
> successful web-based business.
> New users appreciate the easy-to-use tools designed to help set up
> their store quickly and effectively while experienced users love the
> ability to customize and manage our software to meet the needs of
> their growing business.
>
> Description
> This very known PHP store is vulnerable to SQL Injection on “parent” variable.
> Injecting a specific combination of SQL commands will execute the new
> SQL query and even provide sensitive database information that could
> help a malicious user to complete and enter a valid SQL injection
> query.
>
> Proof of concept
> parent=1%27)%20order%20by%203/*
>
> Impact
> A malicious user could manipulate SQL queries by injecting arbitrary
> SQL code and return private information.
>
> Time-line
> June 2, 2009 – First contact by contact form
> June 17, 2009 – Second contact by email
> June 17, 2009 – Reply from vendor
> June 18, 2009 – Vendor reported that only standalone version and
> Joomla 1.0.x component are vulnerable
> June 24, 2009 – Vendor asked for more time to patch and warn their
> clients about this vulnerability
> June 25, 2009 – Vendor released 3.9.6.1 and and updated demo versions
> on their site
> July 20, 2009 – Third contact to check the status
> July 25, 2009 – Advisory goes public
>
> Disclosed
> Not yet published in any database
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ