Credit:
The information has been provided by Ryan Dewhurst.
The original article can be found at: http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt
Vulnerable Systems:
* CS-Cart version 2.0.5 and prior
Immune Systems:
* CS-Cart version 2.0.6
The vulnerability can be triggered by logging into CS-Cart and browsing to:
/index.php?dispatch=reward_points.userlog&result_ids=pagination_contents&sort_by=timestamp&sort_order='
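This request generates a syntax error in the database, because $sort_by and $sort_order are placed directly into the ORDER BY clause of the query string rather than being validated or bound. The following is the corresponding piece of code: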
reward_points.post.php:69
$userlog = db_get_array("SELECT change_id, action, timestamp, amount, reason FROM
?:reward_point_changes WHERE user_id = ?i
ORDER BY $sort_by $sort_order $limit", $user_id);
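A hardened counterpart to the query above, as an added example that is not taken from the advisory and is not CS-Cart's actual fix: it validates the two sort parameters against fixed allowlists before they reach the ORDER BY clause. The function name safe_order_by() and its defaults are hypothetical; the column names are the ones in the SELECT list shown above.

```php
<?php
// Added example, not CS-Cart code. safe_order_by() and its defaults are
// hypothetical; the column names come from the SELECT list in the advisory.
const SORTABLE_COLUMNS = ['change_id', 'action', 'timestamp', 'amount', 'reason'];

function safe_order_by(array $params, string $default_col = 'timestamp', string $default_dir = 'DESC'): string
{
    $col = $params['sort_by'] ?? $default_col;
    $dir = $params['sort_order'] ?? $default_dir;

    // Column names cannot be bound as placeholders, so accept only an
    // exact, type-strict match against the fixed list.
    if (!is_string($col) || !in_array($col, SORTABLE_COLUMNS, true)) {
        $col = $default_col;
    }
    // Direction is one of two keywords; anything else (a quote, an array
    // from sort_order[]=x, extra SQL) falls back to the default.
    $dir = is_string($dir) ? strtoupper($dir) : '';
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        $dir = $default_dir;
    }
    return "ORDER BY $col $dir";
}

// Constructed request parameters, including the single quote from the advisory's URL.
$cases = [
    ['sort_by' => 'timestamp', 'sort_order' => "'"],
    ['sort_by' => 'amount', 'sort_order' => 'asc'],
    ['sort_by' => 'no_such_column', 'sort_order' => 'desc'],
    ['sort_by' => ['timestamp'], 'sort_order' => ['asc']],
    [],
];
foreach ($cases as $params) {
    echo json_encode($params), ' => ', safe_order_by($params), PHP_EOL;
}
// The returned fragment would replace "ORDER BY $sort_by $sort_order" in the
// query string; user_id stays bound through the existing ?i placeholder.
```

The $limit value in the original query is also interpolated into the string; its origin is not shown in the advisory, so it is left out of this example.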
CVE Information:
CVE-2009-2579
Disclosure Timeline:
2009-07-06: Bonsai notifies CS-Cart team of the vulnerability. Technical details are sent to the developers.
2009-07-09: CS-Cart acknowledges and fixes vulnerability, setting release date of the upgrade to 15 July 2009.
2009-08-04: The advisory BONSAI-2009-0100 is published.