exploit the possibilities

Batavi 1.1.2 SQL Injection

Batavi 1.1.2 SQL Injection
Posted Feb 7, 2012
Authored by Onur YILMAZ | Site netsparker.com

Batavi version 1.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6c6242fe4f709daf95b46538164408f7

Batavi 1.1.2 SQL Injection

Change Mirror Download
Information
--------------------
Name :  SQL Injection Vulnerability in Batavi
Software :  Batavi 1.1.2 and possibly below.
Vendor Homepage :  http://www.batavi.org
Vulnerability Type :  SQL Injection
Severity :  Critical
Researcher :  Onur Yılmaz
Advisory Reference :  NS-12-003

Description
--------------------
Batavi is an open source e-commerce platform.

Details
--------------------
Batavi is affected by a SQL Injection vulnerability in version 1.1.2..
Example PoC url is as follows :

http://example.com/ajax.php (POST - Param: boxToReload)


Solution
--------------------
The vendor fixed this vulnerability in the new version. Please see the
references.


Advisory Timeline
--------------------
05/12/2011 - First contact: Sent the vulnerability details
19/12/2011 - Second contact: Ask for patch
18/01/2012 - Vulnerability Fixed in latest version
24/01/2012 - Vulnerability Released

Credits
--------------------
It has been discovered on testing of Netsparker, Web Application
Security Scanner.

References
--------------------
Vendor Url / Patch : http://sourceforge.net/projects/batavi/files/
MSL Advisory Link :
http://www.mavitunasecurity.com/sql-injection-vulnerability-in-batavi-ecommerce/
Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/

About Netsparker
--------------------
Netsparker® can find and report security issues such as SQL Injection
and Cross-site Scripting (XSS) in all web applications regardless of
the platform and the technology they are built on. Netsparker's unique
detection and exploitation techniques allows it to be dead accurate in
reporting hence it's the first and the only False Positive Free web
application security scanner.

--
Netsparker Advisories, <advisories@mavitunasecurity.com>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    4 Files
  • 21
    Oct 21st
    5 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close