Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: e-commerce, shopping carts :: bt1436.txt

Xpressions Software: Multiple SQL Injection Attacks To Manage WebStore






----- Original Message -----
From: "Paul Craig" <pimp@brainwave.net.nz>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, June 04, 2003 5:02 AM
Subject: Xpressions Software: Multiple SQL Injection Attacks To Manage
WebStore


/------------------------
Pimp industries.
--------------------------/

Xpressions Software : Multiple SQL Injection Attacks To
Manage WebStore(s).


BackGround
-------------

When your suppliers and trading partners can interact with your
organization as a seamless extension of your internal business
processes, you'll see dramatic improvements in your ability to take
advantage of new market opportunities.

trueConnect
A Web Application service combining Enterprise Planning and e-Bid
process for the Manufacturing Industry.

FlowerLink
An eCommerce framework for the floral industry that integrates with RTI
system for seemless order entry and wire services.

eVision
Enterprise eCommerce services that integrates Backoffice software such
as Inventory Sytem, Order Entry, and reporting.

Website Integration
Website Integration service combines your corporate site with your
Backoffice software to create robust Intranet and Extranets.


Exploit:
-------------
No user supplied data is correctly parsed for SQL queries before being
execuited and thus allows for an attacker inject his/her own queries in
any user supplied post data.
A more direct and dangerous attack however can be taken at the
administration page.

http://examplestore.com/manage/login.asp
User: admin
Pass: ' or '1' = '1

This would allow the attacker to fully manage the site with admin
rights.
This exploit is found in every product they make.

The severity of this increases since no cryptography is used when
storing senstive data such as other users passwords and credit card
data, leaving them all in plaintext and in clear view of our attacker.



Company Status:
-------------
Company was contacted, no reply was given.


Suggestions/Work Arounds:
-------------
Move/htauth the manage directory, uninstall!



Greets
-------------
sozni, all .nz, decx, hx, and anyone else with more than two
braincells!!



Paul Craig
Security Researcher
Pimp Industries

"He who laughs last thinks slowest!"


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH