SQL Injection Vulnerability in Lizard Cart CMS

Summary

Vulnerability: SQL Injection Vulnerability in Lizard Cart CMS
Discovered: 2006.01.03
Last Update: 0 n/a
ID: EV0012
CVE: CVE-2006-0087
Risk Level: high
Type: SQL Injection
Status: Unpatched
Vendor: n/a
Vulnerable Software: Lizard Cart CMS (http://sourceforge.net/projects/lizardcart)
Version: 1.04
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Lizard Cart CMS (http://sourceforge.net/projects/lizardcart) script.

Vulnerable scripts: pages.phpdetail.php

Variable $id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Customers personal data is threatened.

Conditions: register_globals = onmagic_quotes_gpc = off

PoC/Exploit

SQL Injection examples:
http://host/lizard/pages.php? id=-1'%20union%20select%201,2,3/*http://host/lizard/detail.php?id=-1'%20union%20select%201,2,3,4,5,6,7,8/*

Conditions: register_globals = ongpc_magic_quotes = off

Solution.

No patch availabve.
Edit source code. Quotes sanitation is needed.

SQL Injection Vulnerability in Lizard Cart CMS

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools