MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability
BID:13382
Info
| Bugtraq ID: | 13382 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2005 12:00AM |
| Updated: | Nov 15 2007 12:36AM |
| Credit: | dcrab <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: | MetaLinks MetaCart2 for SQL Server UK Edition; MetaLinks MetaCart2 for PayPal; MetaLinks MetaCart2 for PayFlow Link; MetaLinks MetaCart Lite 0; MetaLinks MetaCart Free; MetaLinks MetaCart 0 |
| Not Vulnerable: | |
Discussion
A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may allow the attacker to steal sensitive information, potentially including authentication credentials, and to corrupt data.
MetaCart2 is vulnerable; other versions may also be affected.
Exploit / POC
No exploit is required to leverage this issue.
The following proofs of concept are available:
http://www.example.com/mcart2pfp/productsByCategory.asp?intCatalogID='SQL_INJECTION&%3bstrCatalog_NAME=Computers
http://www.example.com/mcart2pal/productsByCategory.asp?intCatalogID=%27SQL_INJECTION&%3bstrCatalog_NAME=Computers
http://www.example.com/mcart2sqluk/productsByCategory.asp?intCatalogID='SQL_INJECTION&%3bpage=2
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
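With no vendor patch available, one defensive check is to review web server logs for requests to productsByCategory.asp whose intCatalogID value is not a plain integer, as in the proofs of concept above. The Python script below is an added example, not part of the original advisory or of MetaCart; it assumes the parameter is meant to hold an integer ID (inferred from its name) and runs over constructed sample request lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request lines for illustration; not taken from real logs.
SAMPLE_REQUESTS = [
    "GET /mcart2pfp/productsByCategory.asp?intCatalogID=3&strCatalog_NAME=Computers HTTP/1.1",
    "GET /mcart2pfp/productsByCategory.asp?intCatalogID='SQL_INJECTION&%3bstrCatalog_NAME=Computers HTTP/1.1",
    "GET /mcart2pal/productsByCategory.asp?intCatalogID=%27SQL_INJECTION&%3bstrCatalog_NAME=Computers HTTP/1.1",
    "GET /mcart2sqluk/productsByCategory.asp?INTCATALOGID=12&page=2 HTTP/1.1",
    "GET /mcart2sqluk/productsByCategory.asp?intCatalogID=&page=2 HTTP/1.1",
    "GET /mcart2sqluk/productsByCategory.asp?intCatalogID=5&intCatalogID=%27SQL_INJECTION HTTP/1.1",
    "GET /index.asp?intCatalogID=abc HTTP/1.1",
]

TARGET_PAGE = "productsbycategory.asp"   # page named in the advisory, lower-cased
PARAM = "intcatalogid"                   # classic ASP parameter names are case-insensitive
VALID_ID = re.compile(r"[0-9]{1,10}")    # assumption: a catalog ID is a short decimal integer


def suspicious_values(request_line):
    """Return the URL-decoded intCatalogID values in one request that are not integers."""
    fields = request_line.split()
    if len(fields) < 2:
        return []
    parts = urlsplit(fields[1])
    if not parts.path.lower().endswith("/" + TARGET_PAGE):
        return []
    # Check every occurrence: classic ASP joins repeated parameters into one
    # string, so a clean first value does not make the request clean.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [v for k, v in pairs if k.lower() == PARAM and not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, bad_values) for each request that needs review."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_values(line)
        if bad:
            hits.append((number, bad))
    return hits


if __name__ == "__main__":
    for number, bad in scan(SAMPLE_REQUESTS):
        print(f"line {number}: non-integer intCatalogID {bad!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF) until the query itself is parameterized.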
References
References:
- MetaCart Home Page (MetaLinks)
- MetaLinks Home Page (MetaLinks)
- Aria-Security.Net: MetaCart SQL Injection ([email protected])
- MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities (dcrab)
- Multiple SQL Injections in MetaCart2 for PayPal (dcrab)
- Multiple SQL Injections in MetaCart2 for SQL Server Special Edition UK (dcrab)