OpenCart Order By Blind SQL Injection

2009.03.16
Credit: Adam Baldwin
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection Application: OpenCart 1.1.8 Vendor: OpenCart Vendor website: http://www.opencart.com <http://www.chambermaster.com> Author: Adam Baldwin (adam_baldwin_at_ngenuity-is&#46;com) I. BACKGROUND "OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce solution for Internet merchants with the ability to create their own online business and participate in e-commerce at a minimal cost."[1] II. DETAILS An SQL Injection vulnerability exists within OpenCart that can be exploited using blind injection. This vulnerability exists due to the "order" URL parameter not being properly sanitized. This vulnerability can be exploited by an unauthenticated attacker giving them the ability to access any data within the OpenCart database. This may include but is not limited to Usernames, Unsalted MD5 password hashes, and payment gateway credentials. III. REFERENCES [1] - http://www.opencart.com IV. VENDOR COMMUNICATION 3.10.2009 - Vulnerability Discovery 3.10.2009 - Vendor Notification 3.10.2009 - Vendor response stating that this is fixed in version 1.1.9 3.15.2009 - Version 1.1.9 released. Copyright (c) 2009 nGenuity Information Services, LLC http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/

References:

http://xforce.iss.net/xforce/xfdb/49262
http://www.securityfocus.com/bid/34121
http://www.securityfocus.com/archive/1/archive/1/501843/100/0/threaded
http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top