Web-Ideas Web Shop Standard remote SQL injection vulnerability

2010.09.01

Credit: Ariko-Security

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: [SQL injection in web-ideas web shop standard]
# Date: [31.08.2010]
# Author: [Ariko-Security]
# Software Link: [ http://www.web-ideas.com.au/web-shop_standard]
# Version: [ALL]
# Tested on: [ALL]
# CVE : [n/a]
 
# Ariko-Security: Security Audits , Audyt bezpieczestwa
# Advisory: 728/2010
 
============ { Ariko-Security - Advisory #2/8/2010 } =============
 
SQL injection in web-ideas web shop standard
 
Vendor's Description of Software:
# http://www.web-ideas.com.au/web-shop_standard
 
Dork:
# N/A
 
Application Info:
# Name: web-ideas web shop standard
# ALL versions
 
Vulnerability Info:
# Type: SQL injection
 
Time Table:
# 22/08/2010 - Vendor notified.
 
Fix:
# n/a
 
Input passed via the "page" parameter to index.php is not properly
 
sanitised before being used in a SQL query.
 
Input passed to the "ps_session" cookie parameter is not properly
 
sanitised before being used in a SQL query.
 
 
Solution:
# Input validation of page and ps_session parameters should be corrected.
 
Vulnerability:
# http://[site]/index.php?action=showgal&cat=5&page=[SQLi]
# http://[site]/index.php
# cookie: ps_session=[SQLi]
 
Credit:
# Discoverd By: Maciej Gojny / Ariko-Security 2010
# http://advisories.ariko-security.com/august/audyt_bezpieczenstwa_728.html
 
-- 
Ariko-Secuirty

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Web-Ideas Web Shop Standard remote SQL injection vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.