[UNIX] PHPCatalog E-Commerce SQL Injection
From: SecuriTeam (support_at_securiteam.com)
Date: 01/01/04
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 1 Jan 2004 12:21:13 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
PHPCatalog E-Commerce SQL Injection
------------------------------------------------------------------------
SUMMARY
<http://www.siliconsys.com/content/applications/phpcatalog/> PHPCatalog
is "an easy to use, yet comprehensive e-catalog solution". An SQL
injection vulnerability in the product allows remote attackers to cause
the product to include arbitrary SQL statements into existing ones.
DETAILS
Vulnerable systems:
* PHPCatalog version 2.6.9 and prior
Immune systems:
* PHPCatalog version 2.6.10
PHPCatalog is vulnerable to a SQL injection attack. This occurs because of
the bad filtering on "id" variable, which can be exploited to insert and
manipulate SQL queries.
Example:
http://vulnerable/PHPCatalog/?function=detail&id='
Solution:
Upgrade to version 2.6.10 or newer.
ADDITIONAL INFORMATION
The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] WordPress Cafelog SQL Injection Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... WordPress Cafelog has been found
to contain an SQL Injection vulnerability ... (Securiteam) - [REVS] Lateral SQL Injection: a New Class of Vulnerability in Oracle
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Lateral SQL Injection:
a New Class of Vulnerability in Oracle ... How can an attacker exploit a PL/SQL procedure
that doesn't even take user ... is then dynamically executed via the EXECUTE IMMEDIATE statement.
... (Securiteam) - [UNIX] Multiple Vulnerabilities MetaDot Portal Server
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... SQL Injection: ...
query he can cause an error message to execute script into an unsuspecting ... users browser
thus causing a Cross Site Scripting attack. ... (Securiteam) - [UNIX] Joomla BSQ Sitestats Component Multiple Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Secunia Research has discovered
some vulnerabilities in the BSQ ... SQL query. ... Successful exploitation
requires that "register_globals" is enabled. ... (Securiteam) - [UNIX] PluggedOut Nexus SQL injection
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PluggedOut Nexus SQL
injection ... vulnerability in the Nexus PluggedOut product allows remote attackers
to ... (Securiteam)
