[30713] in bugtraq
ZH2003-3SA (security advisory): Storefront sql injection: users
daemon@ATHENA.MIT.EDU (G00db0y)
Sat Jul 12 18:53:49 2003
Date: 12 Jul 2003 13:56:46 -0000
Message-ID: <20030712135646.21901.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: G00db0y <G00db0y@zone-h.org>
To: bugtraq@securityfocus.com
ZH2003-3SA (security advisory): Storefront sql injection: users info
disclosure
Published: 12/07/2003
Released: 12/07/2003
Name: Storefront sql injection: users info disclosure
Affected Systems: StoreFront 6.0 (and older versions?)
Issue: Remote attackers can obtain users info
Author: G00db0y@zone-h.org
Description
***********
Zone-h Security Team has discovered a serious security flaw in StoreFront
6.0
(and older versions?). "Storefront offers merchants and developers a
feature
rich, fully customizable e-commerce solution at a fraction of the cost to
deploy
and maintain."
Details
*******
Storefront is an ASP shopping cart / storefront system that covers all
the
needs for ecommerce web sites.
It's possible to retrieve sensible users information. There is a sql
injection vulnerability in /login.asp of StoreFront system. It's possible
to login with this email id and password:
' or 'a'='a
to have then access to the first user in database structure. If an
attacker
knew any email address of a registered user, it'll be possible for him to
retrieve
the registered uses's information from this login page.
Example:
Email of registered user: example@example.com
Email id (user in the login.asp): example@example.com
Password: ' or 'a'='a
Solution:
*********
The vendor has been contacted and a patch is not yet produced
Suggestions:
************
Nothing
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2684/
