0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
TornadoStore 1.4.3 SQL Injection Vulnerability
[==============================================
TornadoStore 1.4.3 SQL Injection Vulnerability
==============================================
1. *Advisory Information*
Title: Multiple SQL Injection in TornadoStore 1.4.3
Advisory ID: BONSAI-2010-0106
Advisory URL:
http://www.bonsai-sec.com/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
Date published: 2010-06-29
Vendors contacted: TornadoStore
Release mode: Coordinated release
2. *Vulnerability Information*
Class: SQL Injection
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1327
3. *Software Description*
TornadoStoreтДв is an ecommerce platform. The objective is to solve integrally
the commercialization of products and services of companies using an online
payment system. [0].
4. *Vulnerability Description*
SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The
vulnerability is present when user input is either incorrectly filtered for
string literal escape characters embedded in SQL statements or user input
is not strongly typed and thereby unexpectedly executed.
For additional information, please look at the references [1], [2] and [3].
5. *Vulnerable packages*
Version <= 1.4.3
6. *Non-vulnerable packages*
TornadoStore developers informed us that all users should upgrade to the latest
version of TornadoStore, which fixes this vulnerability. More information to be
found here:
http://www.tornadostore.com/
7. *Credits*
This vulnerability was discovered by Lucas Apa ( lucas -at- bonsai-sec.com ).
8. *Technical Description*
8.1 A SQL injection vulnerability was found in the abm_list.php script, more
specifically in the 'where' variable. The vulnerability can be triggered by
logging into TornadoStore Control Panel and browsing to:
http://www.example.com/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where='
8.2 A Blind SQL injection vulnerability was found in the precios.php script, more
specifically in the 'marca' variable. The vulnerability can be triggered by
browsing to:
http://www.example.com/precios.php3?marca=12'
9. *Report Timeline*
- 2010-02-02:
Vulnerabilities were identified.
- 2010-02-08:
Vendor confirmed these vulnerabilities.
- 2010-02-16:
Vendor contacted for an approximate fix release date. No specific answer given.
- 2010-06-24:
The vulnerability is still there.
- 2010-06-29:
The advisory BONSAI-2010-0106 is published.
# 0day.today [2024-11-16] #