AOH :: HP Unsorted O :: VA2900.HTM

OpenCart Order By Blind SQL Injection



NGENUITY-2009-005 OpenCart Order By Blind SQL Injection
NGENUITY-2009-005 OpenCart Order By Blind SQL Injection



nGenuity Information Services - Security Advisory

   Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection
   Application: OpenCart 1.1.8
        Vendor: OpenCart
Vendor website: http://www.opencart.com  
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com) 

  I. BACKGROUND
     "OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce
     solution for Internet merchants with the ability to create their own online business and
     participate in e-commerce at a minimal cost."[1]

 II. DETAILS
     An SQL Injection vulnerability exists within OpenCart that can be exploited using blind
     injection. This vulnerability exists due to the "order" URL parameter not being properly
     sanitized. 

     This vulnerability can be exploited by an unauthenticated attacker giving them the ability
     to access any data within the OpenCart database. This may include but is not limited to
     Usernames, Unsalted MD5 password hashes, and payment gateway credentials.

III. REFERENCES
[1] - http://www.opencart.com 

 IV. VENDOR COMMUNICATION
     3.10.2009 - Vulnerability Discovery
     3.10.2009 - Vendor Notification
     3.10.2009 - Vendor response stating that this is fixed in version 1.1.9
     3.15.2009 - Version 1.1.9 released.

Copyright (c) 2009 nGenuity Information Services, LLC


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.