Date: Sun, 26 Jul 2009 06:59:10 +0630
From: YEHG Group <lists@...g.net>
To: SmOk3 <smok3f00@...il.com>
Cc: vuln@...unia.com, Vuln@...irt.com, Vuln@...tik.com,
	full-disclosure@...ts.grok.org.uk, bugs@...uritytracker.com,
	bugtraq@...urityfocus.com, vuldb@...urityfocus.com
Subject: Re: IXXO Cart! Standalone and Joomla Component
	SQL Injection

Thanks, I'll update the database of
http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00@...il.com> wrote:
> Original advisory at:
> http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/
>
> Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection
> Vendor: IXXO Internet Solutions
> Status: Patched by vendor
>
> IXXO Cart!
> IXXO Cart is an extremely powerful php shopping cart and web site
> builder application. Designed from a marketing perspective, this
> ecommerce application is feature-packed, robust, scalable and easy to
> use. IXXO Cart Plus is the clear choice for serious merchants focused
> on rapidly and cost effectively deploying, managing and growing a
> successful web-based business.
> New users appreciate the easy-to-use tools designed to help set up
> their store quickly and effectively while experienced users love the
> ability to customize and manage our software to meet the needs of
> their growing business.
>
> Description
> This very known PHP store is vulnerable to SQL Injection on “parent” variable.
> Injecting a specific combination of SQL commands will execute the new
> SQL query and even provide sensitive database information that could
> help a malicious user to complete and enter a valid SQL injection
> query.
>
> Proof of concept
> parent=1%27)%20order%20by%203/*
>
> Impact
> A malicious user could manipulate SQL queries by injecting arbitrary
> SQL code and return private information.
>
> Time-line
> June 2, 2009 – First contact by contact form
> June 17, 2009 – Second contact by email
> June 17, 2009 – Reply from vendor
> June 18, 2009 – Vendor reported that only standalone version and
> Joomla 1.0.x component are vulnerable
> June 24, 2009 – Vendor asked for more time to patch and warn their
> clients about this vulnerability
> June 25, 2009 – Vendor released 3.9.6.1 and updated demo versions
> on their site
> July 20, 2009 – Third contact to check the status
> July 25, 2009 – Advisory goes public
>
> Disclosed
> Not yet published in any database
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

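The advisory above only gives the vulnerable parameter name and a one-line proof of concept. The following added example (not code from the advisory, the vendor or the list) reconstructs the defect class it describes and the two controls that close it: building the query by string concatenation versus validating the `parent` value as an integer and binding it as a parameter. The table, column names, file path and access-log lines are constructed for the demo and are assumptions, not IXXO Cart's real schema or URLs; SQLite stands in for the cart's database.

```python
import re
import sqlite3
import urllib.parse

# Constructed rows standing in for a shop's category tree (assumed schema).
# Prices are chosen so that re-ordering by the third column is visible.
SAMPLE_ROWS = [
    (1, 1, "Books", 25.0),
    (2, 1, "Audio", 10.0),
    (3, 2, "Cables", 5.0),
]

# The advisory's proof-of-concept query string, exactly as published.
POC_QUERY_STRING = "parent=1%27)%20order%20by%203/*"


def make_db():
    """Create an in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE categories (id INTEGER, parent INTEGER, name TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO categories VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def decode_parent(query_string):
    """Return the decoded 'parent' value as the web server would hand it to PHP."""
    return urllib.parse.parse_qs(query_string).get("parent", [""])[0]


def children_vulnerable(conn, parent):
    """The defect class the advisory describes: request input spliced into SQL text.

    Returns the SQL actually executed and the rows it produced, so the effect of
    the quote and comment characters on the statement is visible.
    """
    sql = "SELECT id, name, price FROM categories WHERE (parent = '%s')" % parent
    return sql, conn.execute(sql).fetchall()


# Category ids are small positive integers; anything else is rejected outright.
PARENT_RE = re.compile(r"^[0-9]{1,9}$")


def is_valid_parent(value):
    return PARENT_RE.match(str(value)) is not None


def children_hardened(conn, parent):
    """Validate the shape of the input, then bind it so it can never become SQL."""
    if not is_valid_parent(parent):
        raise ValueError("parent must be a positive integer")
    sql = "SELECT id, name, price FROM categories WHERE parent = ?"
    return conn.execute(sql, (int(parent),)).fetchall()


# Constructed access-log lines (assumed path) for a simple detection check.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jul/2009:10:00:01 +0000] "GET /shop/category.php?parent=2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Jul/2009:10:00:07 +0000] "GET /shop/category.php?' + POC_QUERY_STRING + ' HTTP/1.1" 200 498',
]


def flag_non_integer_parent(log_lines):
    """Return (client, decoded value) for requests whose 'parent' is not an integer."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"GET (\S+) HTTP', line)
        if not m:
            continue
        qs = urllib.parse.urlsplit(m.group(1)).query
        for value in urllib.parse.parse_qs(qs).get("parent", []):
            if not is_valid_parent(value):
                flagged.append((line.split()[0], value))
    return flagged


if __name__ == "__main__":
    payload = decode_parent(POC_QUERY_STRING)
    sql, rows = children_vulnerable(make_db(), payload)
    print("executed:", sql)
    print("rows:", rows)
    try:
        children_hardened(make_db(), payload)
    except ValueError as exc:
        print("hardened version rejected input:", exc)
    print("flagged log entries:", flag_non_integer_parent(SAMPLE_LOG))
```

Run as a script, the vulnerable function shows the closing quote and parenthesis terminating the intended condition and the `/*` hiding the rest of the original statement, which is why an attacker-controlled ORDER BY clause changes the result order; the hardened function never reaches the database with that input, and the log check gives a cheap indicator for the same parameter on a server that has not yet been updated to the patched release.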