GulfTech Discussion Forum
Welcome to GulfTech Research And Development Discussion Forum
 

osCommerce 2.2-MS1 SQL Injection Vulnerability Details

 
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Sun Dec 14, 2021 1:07 pm    Post subject: osCommerce 2.2-MS1 SQL Injection Vulnerability Details

A few people have requested specific details. I will not be releasing any exploit code, but this is the error message you will receive if vulnerable.


Code:

 1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[ Problem Here ]'' and zone_id = '0'' at line 1

select zone_name from zones where zone_country_id = ''[ Problem Here ]'' and zone_id = '0'
[TEP STOP]



_________________
GulfTech Research And Development
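
An added example, not part of the original posts and not osCommerce's own code: the query from the error message above, rebuilt in Python with SQLite standing in for the shop's PHP and MySQL. It shows why a stray quote in the country id breaks the statement when the value is concatenated into the SQL text, and how integer validation plus bound parameters avoids that. The table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory stand-in for the shop's zones table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table zones (zone_id integer, zone_country_id integer, zone_name text)")
    db.executemany("insert into zones values (?, ?, ?)",
                   [(0, 223, "Alabama"), (1, 223, "Alaska"), (0, 38, "Alberta")])
    return db

def zone_name_concat(db, country_id, zone_id):
    """'Before' form: request values pasted straight into the SQL text,
    the shape of the query shown in the error message."""
    sql = ("select zone_name from zones where zone_country_id = '%s' "
           "and zone_id = '%s'" % (country_id, zone_id))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def zone_name_bound(db, country_id, zone_id):
    """Hardened form: both ids must parse as integers and are passed as
    bound parameters, so they never become part of the SQL text."""
    try:
        country_id, zone_id = int(country_id), int(zone_id)
    except (TypeError, ValueError):
        return None  # not a number: nothing to look up
    row = db.execute("select zone_name from zones "
                     "where zone_country_id = ? and zone_id = ?",
                     (country_id, zone_id)).fetchone()
    return row[0] if row else None

def probe(fn, db, country_id, zone_id="0"):
    """Return ('ok', result) or ('sql-error', message) for one lookup."""
    try:
        return ("ok", fn(db, country_id, zone_id))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("223", "'"):  # a normal id, then a lone quote
        print(repr(value), probe(zone_name_concat, db, value),
              probe(zone_name_bound, db, value))
```

A database syntax error surfacing from the concatenated form is the same signal as the 1064 message quoted in the post; the bound form treats the same input as "no such zone".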
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Sun Dec 14, 2021 1:47 pm    Post subject:

Use this script to check if your shop is vulnerable

http://www.gulftech.org/vuln/ossqlin.txt
JamesC
Lurker



Joined: 17 Dec 2021
Posts: 3

Posted: Wed Dec 17, 2021 11:08 am    Post subject: Modifying Code...

Any tips on modifying 2.2-prerelease code to correct this problem?

I changed every occurrence of "select zone_name from zones..." code in general.php, account_details.php, address_book_details.php, and checkout_new_address.php to the modified 2.2 code, but your check prog still tells me the site is vulnerable...

The site I'm trying to repair is heavily modified, so I'm extremely reluctant to roll 2.2(newer) over the top...

Any help would be GREATLY appreciated...

James...
JamesC
Lurker



Joined: 17 Dec 2021
Posts: 3

Posted: Wed Dec 17, 2021 11:50 am    Post subject: Patch File...

Solved my own problem... Happens every once in a while...

The fixed/patched includes/functions/general.php can be downloaded from:
http://www.oscommerce.com/ext/oscommerce-22ms1-20031216.tar.gz

James...
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Wed Dec 17, 2021 12:47 pm    Post subject:

Yup, included that link in my report :) Best Regards

JeiAr
JamesC
Lurker



Joined: 17 Dec 2021
Posts: 3

Posted: Wed Dec 17, 2021 1:14 pm    Post subject:

I see that now in your report on your site, but since it wasn't in the bugtraq release, I didn't catch it... My bad...

I see you have another OSCommerce notice today... You've been busy!!! Nice to see someone looking for flaws in something I actually use... :D

Keep up the great work, and Thank You...

James...
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Wed Dec 17, 2021 1:22 pm    Post subject:

lol. thanks. Actually, I discovered the XSS flaw around the same time I discovered the SQL injection flaw. However, I did not release the XSS vuln because there was not a fix at the time. Had I known people could not upgrade heavily modded MS1 shops easily I would have waited to release the very serious SQL vuln. Anyway, I think osCommerce is a great e-commerce solution, and I hope the recent vulns do not scare any potential users away. They gotta think, now it is way more secure than before. Not only were critical vulns found and addressed, but the developers are now aware that these issues may also be present in other components and work that much harder to make Milestone 3 the best, and safest release yet.

Anyway, I am taking a break some time this week to watch the new Lord Of The Rings! w00t :D
All times are GMT - 6 Hours