JeiAr Site Admin
Joined: 26 Nov 2021 Posts: 207
|
Posted: Sun Dec 14, 2021 1:07 pm Post subject: osCommerce 2.2-MS1 SQL Injection Vulnerability Details |
|
|
A few people have requested specific details. I will not be releasing any exploit code, but this is the error message you will receive if vulnerable.
Code: |
1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[ Problem Here ]'' and zone_id = '0'' at line 1
select zone_name from zones where zone_country_id = ''[ Problem Here ]'' and zone_id = '0'
[TEP STOP]
|
_________________ GulfTech Research And Development |
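Added example, not part of the original post and not osCommerce code: the zone lookup from the error output above, built by string concatenation and then again with integer validation and bound parameters. It assumes PDO with an in-memory SQLite database in place of the shop's MySQL connection; the function names and the sample rows are made up for illustration.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the shop's MySQL database.
// Table and column names come from the query in the error output; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table zones (zone_id integer, zone_country_id integer, zone_name text)");
$db->exec("insert into zones values (12, 223, 'California'), (43, 223, 'New York')");

// "Before": request values are pasted between the quotes, so a quote in the
// input ends the string literal early and changes the statement's structure.
function zone_name_concat(PDO $db, $country_id, $zone_id) {
    $sql = "select zone_name from zones where zone_country_id = '" . $country_id
         . "' and zone_id = '" . $zone_id . "'";
    return $db->query($sql)->fetchColumn();
}

// "After": both ids must be plain decimal integers, and they reach the
// database as bound parameters, never as part of the SQL text.
function zone_name_bound(PDO $db, $country_id, $zone_id) {
    foreach ([$country_id, $zone_id] as $v) {
        if (!is_string($v) && !is_int($v)) return false;
        if (!preg_match('/\A[0-9]{1,9}\z/', (string)$v)) return false;
    }
    $stmt = $db->prepare(
        "select zone_name from zones where zone_country_id = :country and zone_id = :zone");
    $stmt->bindValue(':country', (int)$country_id, PDO::PARAM_INT);
    $stmt->bindValue(':zone', (int)$zone_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn();   // zone name, or false when nothing matches
}

// Constructed inputs: a normal lookup, then a value carrying a stray quote.
foreach ([['223', '12'], ["223'", '0']] as [$country, $zone]) {
    try {
        $old = var_export(zone_name_concat($db, $country, $zone), true);
    } catch (PDOException $e) {
        $old = 'SQL error: ' . $e->getMessage();   // a syntax error, like the 1064 above
    }
    $new = var_export(zone_name_bound($db, $country, $zone), true);
    echo "country_id=" . var_export($country, true) . "\n  concat: $old\n  bound:  $new\n";
}
```

With the stray quote, the concatenated query fails with a syntax error while the bound version rejects the value and returns false without sending it to the database.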
JeiAr Site Admin
Joined: 26 Nov 2021 Posts: 207
|
JamesC Lurker
Joined: 17 Dec 2021 Posts: 3
|
Posted: Wed Dec 17, 2021 11:08 am Post subject: Modifying Code... |
|
|
Any tips on modifying 2.2-prerelease code to correct this problem?
I changed every occurrence of "select zone_name from zones..." code in general.php, account_details.php, address_book_details.php, and checkout_new_address.php to the modified 2.2 code, but your check prog still tells me the site is vulnerable...
The site I'm trying to repair is heavily modified, so I'm extremely reluctant to roll 2.2(newer) over the top...
Any help would be GREATLY appreciated...
James... |
JamesC Lurker
Joined: 17 Dec 2021 Posts: 3
|
JeiAr Site Admin
Joined: 26 Nov 2021 Posts: 207
|
JamesC Lurker
Joined: 17 Dec 2021 Posts: 3
|
Posted: Wed Dec 17, 2021 1:14 pm Post subject: |
|
|
I see that now in your report on your site, but since it wasn't in the bugtraq release, I didn't catch it... My bad...
I see you have another OSCommerce notice today... You've been busy!!! Nice to see someone looking for flaws in something I actually use...
Keep up the great work, and Thank You...
James... |
JeiAr Site Admin
Joined: 26 Nov 2021 Posts: 207
|
Posted: Wed Dec 17, 2021 1:22 pm Post subject: |
|
|
lol. thanks. Actually, I discovered the XSS flaw around the same time I discovered the SQL injection flaw. However I did not release the XSS vuln because there was not a fix at the time. Had I known people could not upgrade heavily modded MS1 shops easily I would have waited to release the very serious SQL vuln. Anyway, I think osCommerce is a great e-commerce solution, and I hope the recent vulns do not scare any potential users away. They gotta think, now it is way more secure than before. Not only were critical vulns found and addressed, but the developers are now aware that these issues may also be present in other components and work that much harder to make Milestone 3 the best, and safest release yet.
Anyway, I am taking a break some time this week to watch the new Lord Of The Rings! w00t
_________________ GulfTech Research And Development |