This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C537E8.69C2ED90
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Severity: High
Title: Multiple SQL injection vulnerabilities in Turnkey Websites: =
SHOPPING CART
Date: 03/04/2005

Vendor: Turnkey Websites
Vendor Website: http://www.turnkeywebsites.info/
Summary: There are, multiple sql injection vulnerabilities in turnkey =
websites: shopping cart.

Proof of Concept Exploits:=20

http://localhost/SearchResults.php?SearchTerm=3D'SQL_INJECTION&where=3D'S=
QL_INJECTION&ord1=3DItemPrice&ord2=3Ddesc
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION like '%\'SQL_INJECTION%' order by Ite


http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3D'SQL_INJECT=
ION&ord1=3D&ord2=3Ddesc
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near =
'\'SQL_INJECTION like '%dcrab%' order by desc limit 0


http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3DItemDescrip=
tion&ord1=3DItemPrice&ord2=3D'SQL_INJECTION
SQL INJECTION
You have an error in your SQL syntax. Check the manual that corresponds =
to your MySQL server version for the right syntax to use near '\'SQL =
INJECTION limit 0, 5' at line 7


Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), =
mysql_real_escape_string() and other functions for input validation =
before passing user input to the mysql database, or before echoing data =
on the screen, would solve these problems.

Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author:=20
These vulnerabilties have been found and released by Diabolic Crab, =
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to =
contact me regarding these vulnerabilities. You can find me at, =
http://www.hackerscenter.com or http://digitalparadox.org/. Look outfor =
my soon to come out book on Secure coding with php.

Diabolic Crab's Security Services: Contact at =
dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web =
application securing services, along with programming in php, vb, asp, =
c, c++, perl, java, html and graphic designing.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQk7wkSZV5e8av/DUEQJHMwCglMZY7yi5wKzYRXO+YxxpBQN8+lwAnimE
QhGm25bVs6szjFhP7UFIxz19
=3DjKuM
-----END PGP SIGNATURE-----


------=_NextPart_000_0005_01C537E8.69C2ED90
Content-Type: text/html;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR>[Hsc =
Security Group]=20
<A =
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=
BR>[dP=20
Security] <A=20
href=3D"http://digitalparadox.org/">http://digitalparadox.org/</A></FONT>=
</DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Severity: High<BR>Title: Multiple SQL =
injection=20
vulnerabilities in Turnkey Websites: SHOPPING CART<BR>Date:=20
03/04/2005</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Vendor: Turnkey Websites<BR>Vendor =
Website: <A=20
href=3D"http://www.turnkeywebsites.info/">http://www.turnkeywebsites.info=
/</A><BR>Summary:=20
There are, multiple sql injection vulnerabilities in turnkey websites: =
shopping=20
cart.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploits: =
</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://localhost/SearchResults.php?SearchTerm=3D'SQL_INJECTION&am=
p;where=3D'SQL_INJECTION&ord1=3DItemPrice&ord2=3Ddesc">http://loc=
alhost/SearchResults.php?SearchTerm=3D'SQL_INJECTION&where=3D'SQL_INJ=
ECTION&ord1=3DItemPrice&ord2=3Ddesc</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION like '%\'SQL_INJECTION%' order by Ite</FONT></DIV>
<DIV>&nbsp;</DIV><FONT face=3DArial size=3D2>
<DIV><BR><A=20
href=3D"http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3D=
'SQL_INJECTION&ord1=3D&ord2=3Ddesc">http://localhost/SearchResult=
s.php?SearchTerm=3Ddcrab&where=3D'SQL_INJECTION&ord1=3D&ord2=3D=
desc</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near=20
'\'SQL_INJECTION like '%dcrab%' order by desc limit 0</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://localhost/SearchResults.php?SearchTerm=3Ddcrab&where=3D=
ItemDescription&ord1=3DItemPrice&ord2=3D'SQL_INJECTION">http://lo=
calhost/SearchResults.php?SearchTerm=3Ddcrab&where=3DItemDescription&=
amp;ord1=3DItemPrice&ord2=3D'SQL_INJECTION</A><BR>SQL=20
INJECTION<BR>You have an error in your SQL syntax. Check the manual that =

corresponds to your MySQL server version for the right syntax to use =
near '\'SQL=20
INJECTION limit 0, 5' at line 7</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>Possible Fixes: The usage of htmlspeacialchars(),=20
mysql_escape_string(), mysql_real_escape_string() and other functions =
for input=20
validation before passing user input to the mysql database, or before =
echoing=20
data on the screen, would solve these problems.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Keep your self updated, Rss feed at: <A=20
href=3D"http://digitalparadox.org/rss.ah">http://digitalparadox.org/rss.a=
h</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>Author: <BR>These vulnerabilties have been found and released by =
Diabolic=20
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel =
free to=20
contact me regarding these vulnerabilities. You can find me at, <A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or <A=20
href=3D"http://digitalparadox.org/">http://digitalparadox.org/</A>. Look =
outfor my=20
soon to come out book on Secure coding with php.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Diabolic Crab's Security Services: Contact at=20
dcrab[NOSPAM|AT]hackerscenter[NOSPAM|DOT]COM for Php auditing and web=20
application securing services, along with programming in php, vb, asp, =
c, c++,=20
perl, java, html and graphic designing.</DIV>
<DIV>&nbsp;</DIV>
<DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed =
for=20
commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>iQA/AwUBQk7wkSZV5e8av/DUEQJHMwCglMZY7yi5wKzYRXO+YxxpBQN8+lwAnimE<BR>=
QhGm25bVs6szjFhP7UFIxz19<BR>=3DjKuM<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0005_01C537E8.69C2ED90--