MetaCart e-Shop intProdID and intCatalogID parameters SQL injection
| metacart-eshop-sql-injection (20283) |  Medium Risk |
Description:
MetaCart e-Shop is vulnerable to SQL injection caused by improper validation of user-supplied input. A remote attacker could send a specially-crafted SQL statement to the product.asp and productsByCategory.asp scripts using the intProdID and intCatalogID parameters which would allow the attacker to add, modify or delete data in the backend database.
Consequences:
Data Manipulation
Remedy:
No remedy available as of March 6, 2010.
References:
- BugTraq Mailing List, Tue Apr 26 2005 - 16:44:19 CDT : Multiple SQL Injections in MetaCart e-Shop V-8.
- Dcrab 's Security Advisory: Multiple SQL Injections in MetaCart e-Shop V-8.
- MetaCart e-Shop Web page: MetaCart e-Commerce Systems.
- BID-13376: MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection Vulnerability
- BID-13377: MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Injection Vulnerability
- BID-13382: MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability
- BID-13385: MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection Vulnerability
- BID-13393: MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabilities
- CVE-2005-1361: Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.
- CVE-2005-1362: Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp.
- CVE-2005-1363: Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp.
- SA15134: MetaCart Multiple SQL Injection Vulnerabilities
- SECTRACK ID: 1013975: MetaCart e-Shop Input Validation Holes in `productsByCategory.asp` Permit SQL Injection and Cross-Site Scripting Attacks
- VUPEN/ADV-2005-0396: Metalinks MetaCart/MetaCart2 Multiple SQL Injection Vulnerabilities
Platforms Affected:
- MetaCart MetaCart e-Shop 8
Reported:
Apr 27, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net