Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtBonsai1337DAY-ID-13065
HistoryJun 29, 2010 - 12:00 a.m.

TornadoStore 1.4.3 SQL Injection Vulnerability

2010-06-2900:00:00
Bonsai
0day.today
21
JSON

Exploit for php platform in category web applications

==============================================
TornadoStore 1.4.3 SQL Injection Vulnerability
==============================================

1. *Advisory Information*

Title: Multiple SQL Injection in TornadoStore 1.4.3
Advisory ID: BONSAI-2010-0106
Advisory URL:
http://www.bonsai-sec.com/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
Date published: 2010-06-29
Vendors contacted: TornadoStore
Release mode: Coordinated release


2. *Vulnerability Information*

Class: SQL Injection
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1327


3. *Software Description*

TornadoStoreΓ‘β€šΓβ€ΓΒ² is an ecommerce platform. The objective is to solve integrally
the commercialization of products and services of companies using an online 
payment system. [0].

4. *Vulnerability Description*

SQL injection is a code injection technique that exploits a security 
vulnerability occurring in the database layer of an application. The 
vulnerability is present when user input is either incorrectly filtered for 
string literal escape characters embedded in SQL statements or user input 
is not strongly typed and thereby unexpectedly executed. 

For additional information, please look at the references [1], [2] and [3].


5. *Vulnerable packages*

Version <= 1.4.3


6. *Non-vulnerable packages*

TornadoStore developers informed us that all users should upgrade to the latest 
version of TornadoStore, which fixes this vulnerability. More information to be 
found here:
    http://www.tornadostore.com/


7. *Credits*

This vulnerability was discovered by Lucas Apa ( lucas -at- bonsai-sec.com ).


8. *Technical Description*

8.1 A SQL injection vulnerability was found in the abm_list.php script, more 
specifically in the 'where' variable. The vulnerability can be triggered by
logging into TornadoStore Control Panel and browsing to:

http://www.example.com/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where='

8.2 A Blind SQL injection vulnerability was found in the precios.php script, more 
specifically in the 'marca' variable. The vulnerability can be triggered by
browsing to:

http://www.example.com/precios.php3?marca=12'


9. *Report Timeline*

    - 2010-02-02:
    Vulnerabilities were identified.

    - 2010-02-08:
    Vendor confirmed these vulnerabilities.

    - 2010-02-16:
    Vendor contacted for an approximate fix release date. No specific answer given.

    - 2010-06-24:
    The vulnerability is still there.

    - 2010-06-29:
    The advisory BONSAI-2010-0106 is published.



#  0day.today [2018-04-02]  #

Related

nvd 1
cve 1
prion 1
exploitdb 1
packetstorm 1
securityvulns 2
cvelist 1
nvd
nvd
CVE-2010-1327
2010-07-06 17:17:13
cve
cve
CVE-2010-1327
2010-07-06 17:17:13
prion
prion
Sql injection
2010-07-06 17:17:00
exploitdb
exploitdb
TornadoStore 1.4.3 - SQL Injection / HTML Injection
2010-06-29 00:00:00
packetstorm
packetstorm
TornadoStore 1.4.3 SQL Injection
2010-06-30 00:00:00
securityvulns
securityvulns
Multiple SQL Injection in TornadoStore 1.4.3
2010-06-29 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-06-29 00:00:00
cvelist
cvelist
CVE-2010-1327
2010-07-06 14:00:00
JSON
Related for 1337DAY-ID-13065
nvd1cve1prion1exploitdb1packetstorm1securityvulns2cvelist1