This is a multi-part message in MIME format.

------=_NextPart_000_0006_01C5364D.143F4680
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: Medium
Title: MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL =
injection vulnerabilities
Date: 1/04/2005

Vendor: InterAKT
Vendor Website: http://www.interaktonline.com
Summary: There are, mx shop 1.1.1 and mx kart 1.1.2 are vulnerable to =
multiple sql injection vulnerabilities.

Proof of Concept Exploits:=20
http://localhost/kartDemo/index.php?mod=3Dpages&idp=3D'SQL_INJECTION&PHPS=
ESSID=3Db1267b894a93572928850920df08126d
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION' at line 1


http://localhost/MXShop/?mod=3Dcategory&id_ctg=3D'SQL_INJECTION&PHPSESSID=
=3Db1267b894a93572928850920df08126d
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION OR id_prd=3D-1' at line 1


http://localhost/kartDemo/index.php?mod=3Dcategory&id_ctg=3D'SQL_INJECTIO=
N&PHPSESSID=3Db1267b894a93572928850920df08126d
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION OR id_prd=3D-1' at line 1


http://localhost/kartDemo/index.php?PHPSESSID=3Db1267b894a93572928850920d=
f08126d&id_man=3D'SQL_INJECTION&mod=3Dmanufacturer
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION AND visible_prd=3D1 ORDER BY name_prd ASC LIMIT 0

Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), =
mysql_real_escape_string() and other functions for input validation =
before passing user input to the mysql database,=20
or before echoing data on the screen, would solve these problems.

Keep your self updated, Rss feed at: =
http://icis.digitalparadox.org/~dcrab/rss.php

Author:=20
These vulnerabilties have been found and released by Diabolic Crab, =
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to =
contact me regarding these vulnerabilities. You can find me at, =
http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. =
Lookout for my soon to come out book on Secure coding with php.

Diabolic Crab's Security Services: Contact at =
dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web =
application securing services, along with programming in php, vb, asp, =
c, c++, perl, java, html and graphic designing.

For advertising on http://icis.digitalparadox.org/~dcrab or in these =
advisories contact dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQkw/dCZV5e8av/DUEQJ6rwCgya93TPMAsMbCMsDilndeyEmo3b4An0Zh
9QcLcuXpLWwMf2lAHXg4JBN1
=3D1yV9
-----END PGP SIGNATURE-----


------=_NextPart_000_0006_01C5364D.143F4680
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A><BR><A=20
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=
/FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Severity: Medium<BR>Title: MX Shop =
1.1.1 and MX=20
Kart 1.1.2 are vulnerable to multiple SQL injection =
vulnerabilities<BR>Date:=20
1/04/2005</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Vendor: InterAKT<BR>Vendor Website: <A=20
href=3D"http://www.interaktonline.com">http://www.interaktonline.com</A><=
BR>Summary:=20
There are, mx shop 1.1.1 and mx kart 1.1.2 are vulnerable to multiple =
sql=20
injection vulnerabilities.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploits: <BR><A=20
href=3D"http://localhost/kartDemo/index.php?mod=3Dpages&amp;idp=3D'SQL_IN=
JECTION&amp;PHPSESSID=3Db1267b894a93572928850920df08126d">http://localhos=
t/kartDemo/index.php?mod=3Dpages&amp;idp=3D'SQL_INJECTION&amp;PHPSESSID=3D=
b1267b894a93572928850920df08126d</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION' at line 1</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV><FONT face=3DArial =
size=3D2>
<DIV><BR><A=20
href=3D"http://localhost/MXShop/?mod=3Dcategory&amp;id_ctg=3D'SQL_INJECTI=
ON&amp;PHPSESSID=3Db1267b894a93572928850920df08126d">http://localhost/MXS=
hop/?mod=3Dcategory&amp;id_ctg=3D'SQL_INJECTION&amp;PHPSESSID=3Db1267b894=
a93572928850920df08126d</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION OR id_prd=3D-1' at line 1</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://localhost/kartDemo/index.php?mod=3Dcategory&amp;id_ctg=3D'=
SQL_INJECTION&amp;PHPSESSID=3Db1267b894a93572928850920df08126d">http://lo=
calhost/kartDemo/index.php?mod=3Dcategory&amp;id_ctg=3D'SQL_INJECTION&amp=
;PHPSESSID=3Db1267b894a93572928850920df08126d</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION OR id_prd=3D-1' at line 1</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://localhost/kartDemo/index.php?PHPSESSID=3Db1267b894a9357292=
8850920df08126d&amp;id_man=3D'SQL_INJECTION&amp;mod=3Dmanufacturer">http:=
//localhost/kartDemo/index.php?PHPSESSID=3Db1267b894a93572928850920df0812=
6d&amp;id_man=3D'SQL_INJECTION&amp;mod=3Dmanufacturer</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION AND visible_prd=3D1 ORDER BY&nbsp;name_prd ASC LIMIT =
0</DIV>
<DIV>&nbsp;</DIV>
<DIV>Possible Fixes: The usage of htmlspeacialchars(), =
mysql_escape_string(),=20
mysql_real_escape_string() and other functions for input validation =
before=20
passing user input to the mysql database, <BR>or before echoing data on =
the=20
screen, would solve these problems.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Keep your self updated, Rss feed at: <A=20
href=3D"http://icis.digitalparadox.org/~dcrab/rss.php">http://icis.digita=
lparadox.org/~dcrab/rss.php</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>Author: <BR>These vulnerabilties have been found and released by =
Diabolic=20
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel =
free to=20
contact me regarding these&nbsp;vulnerabilities. You can find me at, <A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or <A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A>.=20
Lookout for my soon to come out book on Secure coding with php.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Diabolic Crab's Security Services: Contact at=20
dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web=20
application securing services, along with programming in php, vb, asp, =
c, c++,=20
perl, java, html and graphic designing.</DIV>
<DIV>&nbsp;</DIV>
<DIV>For advertising on <A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A>=20
or in these advisories contact=20
dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM</DIV>
<DIV>&nbsp;</DIV>
<DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed =
for=20
commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>iQA/AwUBQkw/dCZV5e8av/DUEQJ6rwCgya93TPMAsMbCMsDilndeyEmo3b4An0Zh<BR>=
9QcLcuXpLWwMf2lAHXg4JBN1<BR>=3D1yV9<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0006_01C5364D.143F4680--