MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
BID:13393
Info
MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 13393 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2005 12:00AM |
| Updated: | Apr 26 2005 12:00AM |
| Credit: | dcrab <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
MetaLinks MetaCart2 for SQL Server UK Edition |
| Not Vulnerable: | |
Discussion
MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
An attacker may exploit these issues to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
An attacker may exploit these issues to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
Exploit / POC
MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
No exploit is required.
The following proof of concept URIs are available:
http://www.example.com/mcart2sqluk/searchAction.asp?chkText='SQL_INJECTION&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText='SQL_INJECTION&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice='SQL_INJECTION&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice='SQL_INJECTION&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat='SQL_INJECTION&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat='SQL_INJECTION
No exploit is required.
The following proof of concept URIs are available:
http://www.example.com/mcart2sqluk/searchAction.asp?chkText='SQL_INJECTION&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText='SQL_INJECTION&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice='SQL_INJECTION&intPrice=all&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice='SQL_INJECTION&chkCat=yes&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat='SQL_INJECTION&strCat=1
http://www.example.com/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat='SQL_INJECTION
Solution / Fix
MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
References:
References:
- MetaCart2 Product Page (MetaLinks)
- MetaLinks Home Page (MetaLinks)
- Multiple SQL Injections in MetaCart2 for SQL Server Special Edition UK (dcrab