ViArt Shop 4.0.5 - Multiple Vulnerabilities

EDB-ID:

15572

CVE:


EDB Verified:

Author:

Ariko-Security

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-11-19

Vulnerable App: 
# Title: [ViArt SHOP multiple vulnerabilities]
# Date: [18.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.viart.com]
# Version: [4.0.5]


============ { Ariko-Security - Advisory #2/11/2010 } =============

ViArt SHOP multiple vulnerabilities

Vendor's Description of Software and demo:
# http://demo-shop.viart.com/ & http://www.viart.com

Dork:
# N/A

Application Info:
# ViArt SHOP
# version last 4.0.5

Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections , redirector abuse.

Time Table:
# 10/11/2010 - Vendor notified.
# 18/11/2010 - Vendor released fix (partial)

Fix: 
# http://www.viart.com/update_logic_to_increase_site_security_and_fix_xss-compatibility_issues.html

SQL injections:

Input passed via the "rnd" parameter to products_search.php is not properly
sanitised before being used in a SQL query.
Input passed via the "filter" parameter to products.php is not properly
sanitised before being used in a SQL query.

XSS, iFrame Injections, Link injections:


Input passed to the "search_category_id" and "category_id" parameters in ads.php is not properly
sanitised before being returned to the user.

Input passed to the "category_id" parameter in article.php and articles.php is not properly
sanitised before being returned to the user.

Input passed to the "rp" parameter in basket.php and product_details.php is not properly
sanitised before being returned to the user.

Input passed to the "postal_code" parameter in shipping_calculator.php is not properly
sanitised before being returned to the user.

Input passed to the "s_fds" , "s_tit" ,"s_cod" parameters in search.php is not properly
sanitised before being returned to the user.

Input passed to the "s_sds" parameter in ads_search.php is not properly
sanitised before being returned to the user.

URL redirector ABUSE:

user_profile.php vulnerable parameter "return_page"


Solution:
# Input validation of all vulnerable parameters should be corrected.

Credit:
# Discoverd By: Ariko-Security 2010
Advisory:
# http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services