OpenCart order参数SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1183359 漏洞类型 SQL注入
发布时间 2009-03-20 更新时间 2009-04-02
CVE编号 CVE-2009-1027 CNNVD-ID CNNVD-200903-346
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2009030031
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-346
|漏洞详情
OpenCart是基于PHP的开源在线购物车系统。OpenCart没有正确地过滤用户所提交的orderURL参数,未经认证的攻击者可以通过向服务器提交特制的SQL查询请求访问数据库中的任意数据,包括用户名、MD5口令哈希、支付网关凭据等。
|漏洞EXP
nGenuity Information Services - Security Advisory

   Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection
   Application: OpenCart 1.1.8
        Vendor: OpenCart
Vendor website: http://www.opencart.com <http://www.chambermaster.com>
        Author: Adam Baldwin (adam_baldwin_at_ngenuity-is&#46;com)

  I. BACKGROUND
     "OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce
     solution for Internet merchants with the ability to create their own online business and
     participate in e-commerce at a minimal cost."[1]

 II. DETAILS
     An SQL Injection vulnerability exists within OpenCart that can be exploited using blind
     injection. This vulnerability exists due to the "order" URL parameter not being properly
     sanitized. 

     This vulnerability can be exploited by an unauthenticated attacker giving them the ability
     to access any data within the OpenCart database. This may include but is not limited to
     Usernames, Unsalted MD5 password hashes, and payment gateway credentials.

III. REFERENCES
     [1] - http://www.opencart.com

 IV. VENDOR COMMUNICATION
     3.10.2009 - Vulnerability Discovery
     3.10.2009 - Vendor Notification
     3.10.2009 - Vendor response stating that this is fixed in version 1.1.9
     3.15.2009 - Version 1.1.9 released.

Copyright (c) 2009 nGenuity Information Services, LLC

http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/


|参考资料

来源:XF
名称:ezipwizard-zip-bo(49148)
链接:http://xforce.iss.net/xforce/xfdb/49148
来源:BID
名称:34044
链接:http://www.securityfocus.com/bid/34044
来源:MILW0RM
名称:8180
链接:http://www.milw0rm.com/exploits/8180