[SA11044] Spider Sales SQL Injection and Weak Encryption
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Fri Mar 05 2004 - 04:17:04 CST
TITLE:
Spider Sales SQL Injection and Weak Encryption
SECUNIA ADVISORY ID:
SA11044
VERIFY ADVISORY:
http://secunia.com/advisories/11044/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Spider Sales 2.x
DESCRIPTION:
Nick Gudov has reported two vulnerabilities in Spider Sales, allowing
malicious people to conduct SQL injection attacks and to decrypt
sensitive information.
1) The product reportedly uses an insecure implementation of the RSA
cryptosystem to encrypt sensitive information in the database. This
may be exploited by malicious people to read the encrypted
information by calculating the private key.
It is furthermore reported that the private key is stored in the
database in the same table as the public key.
Successful exploitation of these issues requires that a malicious
person has access to the database.
2) Input to the "userId" parameter isn't properly verified in
"viewCart.asp" and other scripts. This can be exploited to manipulate
SQL queries; the potential impact varies depending on the underlying
database.
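The "userId" flaw above is the classic string-spliced query. The following added example (not code from Spider Sales or from the advisory; the table and column names are assumed, since the real viewCart.asp query is not shown) puts the vulnerable pattern beside a hardened one that validates the parameter's type and binds it instead of concatenating it:

```python
import re
import sqlite3

# Constructed sample cart rows; the real Spider Sales schema is not described
# in the advisory, so table and column names here are assumptions.
CART_ROWS = [
    (1, "widget", 2),
    (1, "gadget", 1),
    (2, "gizmo", 5),
    (3, "doohickey", 1),
]


def make_db():
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cart (userId INTEGER, item TEXT, qty INTEGER)")
    conn.executemany("INSERT INTO cart VALUES (?, ?, ?)", CART_ROWS)
    return conn


def view_cart_unsafe(conn, user_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so anything the caller sends becomes part of the WHERE clause."""
    sql = "SELECT userId, item, qty FROM cart WHERE userId = " + user_id
    return conn.execute(sql).fetchall()


def view_cart_safe(conn, user_id):
    """Hardened pattern: reject anything that is not a plain decimal integer,
    then pass the value as a bound parameter rather than as SQL text."""
    if not re.fullmatch(r"[0-9]+", user_id):
        raise ValueError("userId must be a positive integer")
    sql = "SELECT userId, item, qty FROM cart WHERE userId = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe, well-formed input:", len(view_cart_unsafe(db, "1")), "rows")
    print("unsafe, malformed input:  ", len(view_cart_unsafe(db, "1 OR 1=1")), "rows")
    print("safe, well-formed input:  ", len(view_cart_safe(db, "1")), "rows")
    try:
        view_cart_safe(db, "1 OR 1=1")
    except ValueError as exc:
        print("safe, malformed input:    rejected:", exc)
```

The unsafe variant returns every user's cart for the malformed input, which is the "manipulate SQL queries" outcome the advisory describes; the safe variant refuses it before any query runs.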
SOLUTION:
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Nick Gudov
ORIGINAL ADVISORY:
http://www.s-quadra.com/advisories/Adv-20040303.txt
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use
only those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------