Security Advisory: APT-webshop-system vuln. - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Vulnerabilities in SPIP
  XMB Forum 1.9.5-Final XSS
  interaktiv.shop v.5 XSS vuln.
  MyBB 1.10 'newthread.
php' < CrossSiteScripting >

From: r0t <krustevs_(at)_googlemail.com>
Date: 10.04.2006
Subject: APT-webshop-system vuln.

APT-webshop-system vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 april 2006
vendor:http://www.apt-webservice.de/shopsoftware/
affected versions:
4.0 PRO
3.0 BASIC
3.0 LIGHT
orginal advisory:
http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html
###############################################

Vuln. description:

1. SQL injection vuln.

APT-webshop-system contains a flaws that allows a remote sql injection
attacks.Input passed to the "group","seite","id" isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

examples:

/modules.php?warp=artikel&group=[SQL]
/modules.php?warp=artikel&group=&seite=[SQL]
/modules.php?warp=artikel&group=&seite=&id=[SQL]

2. Full Path Disclosure

An attacker can get full install path by testing SQL attack vuln.

+

Bonnus:

/modules.php?warp=File

&

/modules.php?warp=basket&message=%3Cli%3E%3Ca%
20href=http://r0t.in/%3EUNSECURED%20SYSTEMS%3
C/a%3E%3C/li%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/