APT-webshop-system vuln.
###############################################
Vuln. discovered by : r0t
Date: 9 april 2006
vendor:http://www.apt-webservice.de/shopsoftware/
affected versions:
4.0 PRO
3.0 BASIC
3.0 LIGHT
orginal advisory:
http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html
###############################################
Vuln. description:
APT-webshop-system contains a flaws that allows a remote sql injection
attacks.Input passed to the "group","seite","id" isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.
examples:
/modules.php?warp=artikel&group=[SQL]
/modules.php?warp=artikel&group=&seite=[SQL]
/modules.php?warp=artikel&group=&seite=&id=[SQL]
An attacker can get full install path by testing SQL attack vuln.
Bonnus:
/modules.php?warp=File
&
/modules.php?warp=basket&message=%3Cli%3E%3Ca%
20href=http://r0t.in/%3EUNSECURED%20SYSTEMS%3
C/a%3E%3C/li%3E
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/