iBoutique 4.0 – ‘key’ SQL Injection

• Exploit Database
• 40 阅读

• 作者： SecPod Research
  日期： 2012-07-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19985/

• ##############################################################################
  #
  # Title: NetArt Media iBoutique SQL Injection Vulnerability
  # Author : Antu Sanadi SecPod Technologies (www.secpod.com)
  # Vendor : http://www.netartmedia.net/
  # Advisory : http://secpod.org/blog/?p=510
  #	 : http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt
  # Software : NetArt Media iBoutique Version 4.0
  # Date : 29/06/2012
  #
  ##############################################################################
  
  SecPod ID: 104402/02/2012 Issue Discovered
   19/06/2012 Vendor Notified
  	 No Response from vendor
   18/07/2012 Advisory Released
  
  Class: SQL Injection Severity: High
  
  
  Overview:
  ---------
  NetArt Media iBoutique SQL Injection Vulnerability.
  
  
  Technical Description:
  ----------------------
  An SQL Injection Vulnerability is present in NetArt Media iBoutique as it fails
  to sanitise user-supplied input.
  
  Input passed via the 'key' parameter to '/index.php' page is not properly
  verified before being used in a SQL query. This can be exploited to
  manipulate SQL queries by injecting arbitrary SQL code. This may allow an
  unauthenticated attacker to launch further attacks.
  
  These vulnerability have been tested on NetArt Media iBoutique v4.0, Other
  versions may also be affected.
  
  
  Impact:
  --------
  Successful exploitation could allow an attacker to manipulate SQL queries by
  injecting arbitrary SQL code.
  
  
  Affected Software:
  ------------------
  NetArt Media iBoutique v4.0
  
  
  Tested on,
  NetArt Media iBoutique v4.0
  
  
  References:
  -----------
  http://secpod.org/blog/?p=510
  http://www.netartmedia.net/iboutique
  http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt
  
  
  Proof of Concept:
  -----------------
  http://www.example.com/iboutique/index.php?mod=products&key=%27
  
  
  Solution:
  ---------
  Fix not available
  
  
  Risk Factor:
  -------------
   CVSS Score Report:
  ACCESS_VECTOR= NETWORK
  ACCESS_COMPLEXITY= LOW
  AUTHENTICATION = NONE
  CONFIDENTIALITY_IMPACT = PARTIAL
  INTEGRITY_IMPACT = PARTIAL
  AVAILABILITY_IMPACT= NONE
  EXPLOITABILITY = PROOF_OF_CONCEPT
  REMEDIATION_LEVEL= UNAVAILABLE
  REPORT_CONFIDENCE= CONFIRMED
  CVSS Base Score= 6.4 (High) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  
  Credits:
  --------
  Antu Sanadi of SecPod Technologies has been credited with the discovery of this
  vulnerability.