############################################################################## # # Title : NetArt Media iBoutique SQL Injection Vulnerability # Author : Antu Sanadi SecPod Technologies (www.secpod.com) # Vendor : http://www.netartmedia.net/ # Advisory : http://secpod.org/blog/?p=510 # : http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt # Software : NetArt Media iBoutique Version 4.0 # Date : 29/06/2012 # ############################################################################## SecPod ID: 1044 02/02/2012 Issue Discovered 19/06/2012 Vendor Notified No Response from vendor 18/07/2012 Advisory Released Class: SQL Injection Severity: High Overview: --------- NetArt Media iBoutique SQL Injection Vulnerability. Technical Description: ---------------------- An SQL Injection Vulnerability is present in NetArt Media iBoutique as it fails to sanitise user-supplied input. Input passed via the 'key' parameter to '/index.php' page is not properly verified before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This may allow an unauthenticated attacker to launch further attacks. These vulnerability have been tested on NetArt Media iBoutique v4.0, Other versions may also be affected. Impact: -------- Successful exploitation could allow an attacker to manipulate SQL queries by injecting arbitrary SQL code. Affected Software: ------------------ NetArt Media iBoutique v4.0 Tested on, NetArt Media iBoutique v4.0 References: ----------- http://secpod.org/blog/?p=510 http://www.netartmedia.net/iboutique http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt Proof of Concept: ----------------- http://www.example.com/iboutique/index.php?mod=products&key=%27 Solution: --------- Fix not available Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = LOW AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = PARTIAL INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 6.4 (High) (AV:N/AC:L/Au:N/C:N/I:P/A:N) Credits: -------- Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.Брой прочитания на тази страница: 1112
NetArt Media iBoutique 4.0 (index.php key parameter) SQL Injection Vulnerability