[EN] securityvulns.ru

From: r0t <krustevs_(at)_googlemail.com>
Date: 05.12.2005
Subject: Web4Future eCommerce Enterprise Edition v2.1 SQL inj. vuln.

Web4Future eCommerce Enterprise Edition v2.1 SQL inj. vuln.
Vuln. discovered by: r0t
Date: 5 dec. 2005
original advisory:
http://pridels.blogspot.com/2005/12/ecommerce-enterprise-edition-sql-inj.html

vendor: http://www.web4future.com/products.php?p=ecomm
affected version: v2.1 and prior

Product Description:
A fully template-driven system which you can use to sell any kind of product: computers, household items, downloadable goods, services, groceries, cars or real estate.


Vuln. Description:

Input passed to the "prod" and "brid" parameters in "view.php", the "bid" parameter in "viewbrands.php", and the "grp" and "cat" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


examples:
/view.php?prod=[SQL]
/viewbrands.php?bid=[SQL]
/view.php?prod=1010001&brid=[SQL]
/index.php?action=ViewGroups&grp=[SQL]
/index.php?action=ViewCategories&cat=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
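The following is an added example, not code from the advisory or from the Web4Future product, showing the defect class described above and the fix the Solution calls for. The shop's PHP handler is not available, so a `view.php?prod=...` lookup is reproduced in Python against a constructed in-memory SQLite table: `view_vulnerable` concatenates the raw parameter into the query text (the advisory's flaw), while `view_hardened` allow-lists the value as an integer and binds it as a query parameter. Table name, column names, row data and the sample URLs are all assumptions made for this demonstration.

```python
"""Added example (not part of the advisory or the vendor's code): a
`view.php?prod=...` product lookup reproduced in Python with SQLite,
once built by string concatenation and once with input validation plus
a bound parameter. Schema, rows and URLs are constructed for this demo."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed catalogue standing in for the shop's product table (assumption).
SAMPLE_ROWS = [
    (1010001, "Laptop", 0),
    (1010002, "Fridge", 0),
    (1010003, "Unreleased item", 1),  # hidden = 1: should never be listed
]


def make_db() -> sqlite3.Connection:
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def prod_param(url: str) -> str:
    """Raw `prod` query-string value, as a PHP script would read $_GET['prod']."""
    return parse_qs(urlsplit(url).query).get("prod", [""])[0]


def view_vulnerable(conn: sqlite3.Connection, url: str) -> list:
    """Mirrors the advisory's flaw: the unsanitised parameter becomes SQL text.

    Because AND binds tighter than OR, a value that appends an OR clause
    also bypasses the `hidden = 0` restriction, not just the id match.
    """
    prod = prod_param(url)
    sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = " + prod
    return conn.execute(sql).fetchall()


def is_valid_prod(value: str) -> bool:
    """Allow-list check: a product id is a plain run of ASCII digits."""
    return re.fullmatch(r"[0-9]+", value) is not None


def view_hardened(conn: sqlite3.Connection, url: str) -> list:
    """Hardened form: validate the value, then pass it as a bound parameter.

    The driver sends the value separately from the statement, so it can
    never be parsed as SQL, and the integer check rejects junk early.
    """
    prod = prod_param(url)
    if not is_valid_prod(prod):
        raise ValueError("prod must be a positive integer")
    sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = ?"
    return conn.execute(sql, (int(prod),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    normal = "/view.php?prod=1010001"
    # Constructed tautology input (the textbook "OR 1=1"), URL-encoded.
    tampered = "/view.php?prod=1010001%20OR%201%3D1"
    print("vulnerable, normal  :", view_vulnerable(db, normal))
    print("vulnerable, tampered:", view_vulnerable(db, tampered))
    print("hardened, normal    :", view_hardened(db, normal))
    try:
        view_hardened(db, tampered)
    except ValueError as exc:
        print("hardened, tampered  : rejected ->", exc)
```

Run the file directly to see that the vulnerable handler returns every row, including the hidden one, for the tampered URL, while the hardened handler refuses it before any SQL runs. The same two changes, validating the parameter's type and binding it instead of concatenating it, apply equally to the "brid", "bid", "grp" and "cat" parameters named in the advisory.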

© SecurityVulns, 3APA3A, Vladimir Dubrovin