From zetalabs@zone-h.org Wed Feb 18 16:07:59 2004 From: ZetaLabs To: bugtraq@securityfocus.com Date: 18 Feb 2004 06:39:12 -0000 Subject: ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro) ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro) Published: 17 february 2004 Released: 17 february 2004 Name: Online Store Kit Products (Lite - Standard - Pro) Affected Systems: 3.0 Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs - zetalabs@zone-h.org - g00db0y@zone-h.org Vendor: http://www.ecommerce.com Description *********** Zone-h Security Team has discovered multiple flaws in Online Store Kit 3.0 Products (Lite - Standard - Pro). There are multiple vulnerabilities in the current version of Online Store Kit Lite that allows an attacker to disclose sensitive information that could be used to gain unauthorized access. Online Store Kit 3.0 Lite:"That pretty much says it all when it comes to the Online Store Kit 3.0 Lite. To sum it up, this package includes all of the features that are essential for a usable shopping cart with uninterrupted functioning. If your e-commerce needs don't go far, but the products/services you offer have the demand, this package is for you. Please, note, that all the packages include core features and have room for additional features. The core features are included in every package, and provide a solid base for building a successful e-store. The functionality and the quantity of additional features depend on the package you choose." Online Store Kit 3.0 Standard: "Going with the standard is always a good thing; especially when it comes to making a profit. When your store goes online, you should attract visitors not only with the assortment of the products and services you offer, but also with a dynamic and friendly sales atmosphere. If organized with Online Store Kit 3.0 Standard, your e-store will include all the basic features plus advanced functionality, enabling a powerful and profit-generating virtual shop." Online Store Kit 3.0 Pro: "Intense research, development and testing has brought us to what we call the Online Store Kit 3.0 Pro. The features which enable a comprehensive procedure for purchasing, taxation calculation, shipping and handling, and payment methods are the hallmarks of this professional package. Please, note, that all the packages include core features and additional ones." Details ******* The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access. For example try this: http://address/directory/shop.php?cat=[query] http://address/directory/more.php?id=[query] http://address/directory/lite/shop_by_brand.php?cat_manufacturer=[query] http://address/directory/listing.php?id=[query] Solution: ********* The vendor has been contacted and a patch was not yet produced. G00db0y from Zone-h Security Labs - zetalabs@zone-h.org - g00db0y@zone-h.org http://www.zone-h.org/en/advisories/read/id=3972/