X-Cart SQL inj. vuln.
###############################################
Vuln. discovered by : r0t
Date: 20 april 2006
vendorlink:http://www.x-cart.com/
affected versions:
X-Cart Gold v4.0.18
X-Cart Pro v4.0.18
X-Cart 4.1.0 beta 1
and prior versions also can be affected .
orginal advisory:
http://pridels.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
###############################################
Vuln. Description:
X-cart contains a flaw that allows a remote sql injection
attacks.Inputpassed to the search module paremeters in "
search.php" isn't properly sanitised before being used in a SQL query. This
can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
To proof vuln:
Enter in search field ' and chose in submenu "search in: Detailed
description" or "Search also in: ISBN".
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/