Exploit QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download

[Exploiter]

EDB-ID

10771

Проверка EDB

1. Пройдено

Автор

INDOUSHKA

Тип уязвимости

WEBAPPS

Платформа

ASP

CVE

N/A

Дата публикации

2009-12-29

========================================================================================                  
| # Title    : QuickEStore v.7.9 SQLInjection and Path Diclosure Download Vulnerability|
| # Author   : indoushka                                                               |
| # email    : [email protected]                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       |
| # Bug      : SQL Injection                                                            | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| Vulnerability description
| Input passed to the "CategoryID" parameter in prodpage.cfm, the "SubCatID" parameter in index.cfm, the "OrderID" parameter in shipping.cfm, and to the "ItemID" parameter in proddetail.cfm is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 
|
| Note that error messages disclose the full installation path. 
|
| Examples:
|/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
|/index.cfm?CFID=1&CFTOKEN=1&SubCatID=[SQL]
|/proddetail.cfm?CFID=1&CFTOKEN=1&ItemID=[SQL]
|/checkout.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|/shipping.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|Confirmed in version 7.9. Other versions may also be affected.
|This vulnerability affects /sm-ak051/prodpage.cfm. 
|The impact of this vulnerability:
|The remote attacker can manipulate SQL queries by injecting arbitrary SQL code.
|Attack details:
|No details .
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) 
* Stake (v4-team) * Angel25dz (hackteatch.com)
-------------------------------------------------------------------------------------------