Computer Security
[EN] securityvulns.ru
From: r0t <krustevs_(at)_googlemail.com>
Date: 21.04.2006
Subject: X-Cart SQL inj. vuln.

X-Cart SQL inj. vuln.

###############################################
Vuln. discovered by: r0t
Date: 20 April 2006
Vendor link: http://www.x-cart.com/
Affected versions:
X-Cart Gold v4.0.18
X-Cart Pro v4.0.18
X-Cart 4.1.0 beta 1
and prior versions may also be affected.
Original advisory:
http://pridels.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
###############################################


Vuln. Description:

X-Cart contains a flaw that allows remote SQL injection
attacks. Input passed to the search module parameters in
"search.php" isn't properly sanitised before being used in a SQL query. This
can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


To prove the vuln:

Enter ' in the search field and choose in the submenu "Search in: Detailed
description" or "Search also in: ISBN".


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/