exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OpenCart 1.1.8 SQL Injection

OpenCart 1.1.8 SQL Injection
Posted Mar 16, 2009
Authored by Adam Baldwin

OpenCart version 1.1.8 suffers from a blind SQL injection vulnerability.

tags | advisory, sql injection
SHA-256 | 4afbb0b776c1f7f3dcf3c064b4802ac815d06428bdfaa3c74451542cf3a8b160

OpenCart 1.1.8 SQL Injection

Change Mirror Download
nGenuity Information Services - Security Advisory

Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection
Application: OpenCart 1.1.8
Vendor: OpenCart
Vendor website: http://www.opencart.com <http://www.chambermaster.com>
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)

I. BACKGROUND
"OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce
solution for Internet merchants with the ability to create their own online business and
participate in e-commerce at a minimal cost."[1]

II. DETAILS
An SQL Injection vulnerability exists within OpenCart that can be exploited using blind
injection. This vulnerability exists due to the "order" URL parameter not being properly
sanitized.

This vulnerability can be exploited by an unauthenticated attacker giving them the ability
to access any data within the OpenCart database. This may include but is not limited to
Usernames, Unsalted MD5 password hashes, and payment gateway credentials.

III. REFERENCES
[1] - http://www.opencart.com

IV. VENDOR COMMUNICATION
3.10.2009 - Vulnerability Discovery
3.10.2009 - Vendor Notification
3.10.2009 - Vendor response stating that this is fixed in version 1.1.9
3.15.2009 - Version 1.1.9 released.

Copyright (c) 2009 nGenuity Information Services, LLC
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close