StorePortal Default.ASP Multiple SQL Injection Vulnerabilities
BID:13358
Info
| Bugtraq ID: | 13358 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2005 12:00AM |
| Updated: | Apr 25 2005 12:00AM |
| Credit: | dcrab is credited with the discovery of these vulnerabilities. |
| Vulnerable: | StorePortal StorePortal 2.63 |
| Not Vulnerable: | |
Discussion
StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit / POC
No exploit is required.
The following proof of concept URIs are available:
http://www.example.com/default.asp?language='[SQL injection]
http://www.example.com/default.asp?id=1&opr=2&%3bpic='[SQL injection]
http://www.example.com/default.asp?opr=35&id=1&idcategory='[SQL injection]&idcategoryp=1
http://www.example.com/default.asp?opr=35&id=1&idcategory=1&idcategoryp='[SQL injection]
http://www.example.com/default.asp?mnu=&id=1&opr=5&content='[SQL injection]
http://www.example.com/default.asp?id=1&opr=4&keyword='[SQL injection]
http://www.example.com/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='[SQL injection]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
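With no vendor patch listed, requests of the shape shown in the proof-of-concept URIs can be looked for in web server access logs. The following is an added example, not part of the original advisory; the log format, the sample lines and the choice to treat idcategory, idcategoryp and idproduct as integer-only are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's proof-of-concept URIs.
WATCHED = {"language", "pic", "idcategory", "idcategoryp",
           "content", "keyword", "idproduct"}
# Assumption: these carry integer ids, as in the PoC URIs' benign values.
NUMERIC = {"idcategory", "idcategoryp", "idproduct"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted (param, reason) pairs for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/default.asp"):
        return []
    hits = set()
    # parse_qsl percent-decodes names and values, so %27 and %3bpic are covered.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lstrip(";").lower()  # one PoC URI sends the name as "%3bpic"
        if key not in WATCHED:
            continue
        if "'" in value:
            hits.add((key, "quote"))
        elif key in NUMERIC and value and not value.isdigit():
            hits.add((key, "non-numeric"))
    return sorted(hits)

def scan(lines):
    """Yield (line_number, findings) for each log line with findings."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        found = suspicious_params(m.group(1)) if m else []
        if found:
            yield n, found

# Constructed sample lines in common log format (not from the advisory).
PFX = '198.51.100.7 - - [25/Apr/2005:10:00:0%d +0000] '
SAMPLE = [
    PFX % 1 + '"GET /default.asp?id=1&opr=4&keyword=shoes HTTP/1.1" 200 5120',
    PFX % 2 + '"GET /default.asp?id=1&opr=4&keyword=%27 HTTP/1.1" 500 312',
    PFX % 3 + '"GET /default.asp?id=1&opr=2&%3bpic=\' HTTP/1.1" 500 312',
    PFX % 4 + '"GET /default.asp?opr=35&id=1&idcategory=1&idcategoryp=1x HTTP/1.1" 200 90',
    PFX % 5 + '"GET /other.asp?keyword=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE):
        print(lineno, found)
```

A quote in a free-text field such as keyword can also be a legitimate search term, so hits on that parameter need triage against the response status and surrounding requests.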
References
References:
- StorePortal Homepage (StorePortal)
- Multiple SQL Injections in StorePortal 2.63 (dcrab)