ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro)
From: ZetaLabs <zetalabs@xxxxxxxxxx>
Date: 18 Feb 2004 06:39:12 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in 
Online Store Kit 3.0 Products (Lite - Standard and Pro)

Published: 17 february 2004

Released: 17 february 2004

Name: Online Store Kit Products (Lite - Standard - Pro)

Affected Systems: 3.0

Issue: Sql Injection Vulnerability

Author: G00db0y from Zone-h Security Labs - zetalabs@xxxxxxxxxx - 
g00db0y@xxxxxxxxxx

Vendor: http://www.ecommerce.com




Description

***********

Zone-h Security Team has discovered multiple flaws in Online Store Kit 3.0 
Products (Lite - Standard - Pro). There are multiple vulnerabilities in the 
current version of Online Store Kit Lite that allows an attacker to disclose 
sensitive information that could be used to gain unauthorized access.
Online Store Kit 3.0 Lite:"That pretty much says it all when it comes to the 
Online Store Kit 3.0 Lite. To sum it up, this package includes all of the 
features that are essential for a usable shopping cart with uninterrupted 
functioning. If your e-commerce needs don't go far, but the products/services 
you offer have the demand, this package is for you. 
Please, note, that all the packages include core features and have room for 
additional features. The core features are included in every package, and 
provide a solid base for building a successful e-store. The functionality and 
the quantity of additional features depend on the package you choose."
Online Store Kit 3.0 Standard: "Going with the standard is always a good thing; 
especially when it comes to making a profit. When your store goes online, you 
should attract visitors not only with the assortment of the products and 
services you offer, but also with a dynamic and friendly sales atmosphere. If 
organized with Online Store Kit 3.0 Standard, your e-store will include all the 
basic features plus advanced functionality, enabling a powerful and 
profit-generating virtual shop."
Online Store Kit 3.0 Pro: "Intense research, development and testing has 
brought us to what we call the Online Store Kit 3.0 Pro. The features which 
enable a comprehensive procedure for purchasing, taxation calculation, shipping 
and handling, and payment methods are the hallmarks of this professional 
package. Please, note, that all the packages include core features and 
additional ones."






Details

******* 


The problems exist due to insufficient sanitization of user-supplied data. A 
remote attacker may exploit these issues to influence SQL query logic to 
disclose sensitive information that could be used to gain unauthorized access.

For example try this:

http://address/directory/shop.php?cat=[query]
http://address/directory/more.php?id=[query]
http://address/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
http://address/directory/listing.php?id=[query]




Solution:

*********

The vendor has been contacted and a patch was not yet produced.



G00db0y from Zone-h Security Labs - zetalabs@xxxxxxxxxx - g00db0y@xxxxxxxxxx



http://www.zone-h.org/en/advisories/read/id=3972/

Prev by Date: Re: AIX password enumeration possible
Next by Date: Re: ASN.1 telephony critical infrastructure warning - VOIP
Previous by thread: RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
Next by thread: MDKSA-2004:014 - Updated metamail packages fix buffer overflow vulnerabilities
Index(es):
- Date
- Thread