IXXO Cart for Joomla SQLi Vulnerability

vendor:

IXXO Cart

by:

Sid3^effects aKa HaRi

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: IXXO Cart

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

IXXO Cart for Joomla SQLi Vulnerability

IXXO Cart is an extremely powerful php shopping cart and web site builder application. Designed from a marketing perspective, this ecommerce application is feature-packed, robust, scalable and easy to use. A SQL injection vulnerability exists in the application, which can be exploited by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow an attacker to gain unauthorized access to the application and its data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :   IXXO Cart for Joomla SQLi Vulnerability
Date : july 9,2010
Critical Level 	: HIGH
vendor URL :http://www.php-shop-system.com/
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description 
IXXO Cart is an extremely powerful php shopping cart and web site builder application. Designed from a marketing perspective, this ecommerce application is feature-packed, robust, scalable and easy to use. IXXO Cart Plus is the clear choice for serious merchants focused on rapidly and cost effectively deploying, managing and growing a successful web-based business.
New users appreciate the easy-to-use tools designed to help set up their store quickly and effectively while experienced users love the ability to customize and manage our software to meet the needs of their growing business.
#######################################################################################################
Xploit: SQli Vulnerability


Demo url : http://site.com/ixxo-cart-plus-demo/index.php?p=catalog&parent=[SQLI]

#######################################################################################################
# 0day no more 
# Sid3^effects