Midicart sql injection


Date: Sat, 12 Nov 2005 23:35:02 +0530
From: crazy frog crazy frog <i.m.crazy.frog@gmail.com.>
To: [email protected]
Subject: Midicart sql injection
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Virus-Scanned: antivirus-gw at tyumen.ru

Midicart sql injection
==================

product description (from site):-
==================
MidiCart is a Try-Before-You-Buy Shopping Cart Software, that provides
all you need to create, operate, and maintain a professional Internet
shop. MidiCart ASP and PHP Shopping Cart is extremely easy to use,
flexible, powerful and affordable e-commerce solution for your web
site.

details:-
=======
there exists a vulnerable query string in the search_list.asp
file, which is vulnerable to an sql injection attack. An attacker can run
any arbitrary query.

How to determine:-
=================
enter the following query into the search box:-
1' union select * from products'
this will list all the products. It means the installation is vulnerable.

workaround:-
===========
sanitize the input supplied. It is stored in a variable named "searchstring".

--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"
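The pattern behind this finding and its fix, shown as an added illustration that is not part of the advisory or of MidiCart's own code: Python with an in-memory SQLite table stands in for the ASP page and its database, and the table layout, column names and product rows are constructed assumptions. The probe string is the one quoted above; it lists every row when the search value is concatenated into the SQL text, and matches nothing when the value is bound as a parameter.

```python
import sqlite3

# Constructed stand-in for the shop's products table (assumed layout).
PRODUCTS = [
    (1, "Blue Widget", 9.99),
    (2, "Red Widget", 12.50),
    (3, "Green Gadget", 20.00),
]

# The probe string quoted in the advisory.
ADVISORY_PROBE = "1' union select * from products'"


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def search_concat(conn, searchstring):
    """Vulnerable pattern: the search box value is spliced into the SQL text.
    A closing quote in searchstring ends the literal and the remainder is
    parsed as SQL, so the probe turns a LIKE filter into a UNION of the table."""
    sql = "SELECT * FROM products WHERE name LIKE '%" + searchstring + "%'"
    return conn.execute(sql).fetchall()


def search_param(conn, searchstring):
    """Fixed pattern: the value is bound as a parameter. It is only ever
    compared as data and cannot change the structure of the statement."""
    sql = "SELECT * FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + searchstring + "%",)).fetchall()


def compare(searchstring):
    """Return (rows from the vulnerable query, rows from the fixed query)."""
    conn = make_db()
    return search_concat(conn, searchstring), search_param(conn, searchstring)


if __name__ == "__main__":
    vulnerable, fixed = compare(ADVISORY_PROBE)
    print("concatenated query returned", len(vulnerable), "rows")
    print("parameterised query returned", len(fixed), "rows")
```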

