|
Widget Imprint SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 5 dec. 2005
Orginal advisory:http://pridels.blogspot.com/2005/12/widget-imprint-sql-inj-vuln.html
Vendor:http://www.widgetpress.com/products?product=wimprint
affected version: 1.0.26 and prior
Product Description:
Database driven web software designed for the heat-transfer imprint, impact print shop to sell promotional items online. (similar to CafePress.com, but you can add any imprintable product you like) Have your customers create their own products, such as T-shirts, mugs, mousepads, boxers, aprons, coasters and so on, with real-time preview. Complete print web service package, Product management, Add product samples, Order tracking, Add company logo, CMS, Real-time customer photo upload, Shopping cart, Online commerce, and Multi-language suppor
Vuln. description:
Input passed to the "product_id" parameter in "create.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
example:
/create.php?action=create&product_id=[SQL]
Solution:
Edit the source code to ensure that input is properly sanitised.
|
