Previously discovered: http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By <a href="mailto:trt-turk[at]hotmail.com";>ZoRLu</a> On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote: > E-Store SQL Injection Vulnerability > > Name E-Store > Vendor http://www.getaphpsite.com > > Author Salvatore Fresta aka Drosophila > Website http://www.salvatorefresta.net > Contact salvatorefresta [at] gmail [dot] com > Date 2009-09-03 > > X. INDEX > > I. ABOUT THE APPLICATION > II. DESCRIPTION > III. ANALYSIS > IV. SAMPLE CODE > V. FIX > VI. DISCLOSURE TIMELINE > > > I. ABOUT THE APPLICATION > > E-Store is a commercial PHP e-commerce. > > > II. DESCRIPTION > > This application presents a SQL Injection bug. > > > III. ANALYSIS > > Summary: > > A) SQL Injection > > A) SQL Injection > > The GET where parameter passed to SearchResults.php has not > properly sanitised. Because of the affected query, the Magic > Quotes GPC flag (php.in) may be on. > > > IV. SAMPLE CODE > > http://site/path/SearchResults.php?SearchTerm=&where=ItemName UNION > ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23&ord1=ItemName&ord2=asc&search1=Go! > > > V. FIX > > No patch.
