Securityvulns SECURITYVULNS:DOC:12114
Apr 10, 2006 - 12:00 a.m.

APT-webshop-system vuln.


###############################################
Vuln. discovered by : r0t
Date: 9 April 2006
vendor: http://www.apt-webservice.de/shopsoftware/
affected versions:
4.0 PRO
3.0 BASIC
3.0 LIGHT
original advisory:
http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html
###############################################

Vuln. description:

  1. SQL injection vuln.

APT-webshop-system contains flaws that allow remote SQL injection
attacks. Input passed to the "group", "seite" and "id" parameters isn't
properly sanitised before being used in a SQL query. This can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/modules.php?warp=artikel&group=[SQL]
/modules.php?warp=artikel&group=&seite=[SQL]
/modules.php?warp=artikel&group=&seite=&id=[SQL]

  2. Full Path Disclosure

An attacker can obtain the full install path by testing the SQL injection vuln.

Bonus:

/modules.php?warp=File

&

/modules.php?warp=basket&message=%3Cli%3E%3Ca%20href=http://r0t.in/%3EUNSECURED%20SYSTEMS%3C/a%3E%3C/li%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
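
One way to apply the Solution above, as an added example that is not the vendor's or the advisory author's code. It assumes "group", "seite" and "id" are numeric; the `artikel` table, its columns, the page size and the in-memory SQLite database are hypothetical stand-ins.

```php
<?php
// Keep database errors (the source of the path leak) out of responses; log them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Constructed stand-in for the shop database; the schema is hypothetical.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE artikel (id INTEGER PRIMARY KEY, grp INTEGER, name TEXT)');
$pdo->exec("INSERT INTO artikel VALUES (1, 10, 'Lamp'), (2, 10, 'Desk'), (3, 20, 'Chair')");

// Accept only a plain integer in range; an absent or empty value yields $default.
function intParam(array $query, string $name, ?int $default = null): ?int
{
    if (!isset($query[$name]) || $query[$name] === '') {
        return $default;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($value === false) {
        throw new InvalidArgumentException("invalid value for '$name'");
    }
    return $value;
}

function listArticles(PDO $pdo, array $query): array
{
    // 20 rows per page (assumed); "seite" only ever reaches SQL as a bound integer.
    $args = [':lim' => 20, ':off' => (intParam($query, 'seite', 1) - 1) * 20];
    $where = [];
    foreach (['group' => 'grp', 'id' => 'id'] as $param => $column) {
        if (($value = intParam($query, $param)) !== null) {
            $where[] = "$column = :$param";   // column names come from this fixed map only
            $args[":$param"] = $value;
        }
    }
    $sql = 'SELECT id, grp, name FROM artikel' . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' ORDER BY id LIMIT :lim OFFSET :off';
    $stmt = $pdo->prepare($sql);
    foreach ($args as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a well-formed one and one with a stray quote in "group".
foreach ([['group' => '10', 'seite' => '1'], ['group' => "10'"]] as $query) {
    try {
        echo count(listArticles($pdo, $query)), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

The rejection message contains only the parameter name, never the submitted value or a database error string.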