what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TornadoStore 1.4.3 SQL Injection

TornadoStore 1.4.3 SQL Injection
Posted Jun 30, 2010
Authored by Lucas Apa | Site bonsai-sec.com

TornadoStore versions 1.4.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2010-1327
SHA-256 | 25be905489a49bf4bbf76c69ef780de90aa2d098b47076f2a88ba1827cac2697

TornadoStore 1.4.3 SQL Injection

Change Mirror Download
           Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/

Multiple SQL Injection in TornadoStore 1.4.3


1. *Advisory Information*

Title: Multiple SQL Injection in TornadoStore 1.4.3
Advisory ID: BONSAI-2010-0106
Advisory URL:
http://www.bonsai-sec.com/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
Date published: 2010-06-29
Vendors contacted: TornadoStore
Release mode: Coordinated release


2. *Vulnerability Information*

Class: SQL Injection
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1327


3. *Software Description*

TornadoStore™ is an ecommerce platform. The objective is to solve integrally
the commercialization of products and services of companies using an online
payment system. [0].

4. *Vulnerability Description*

SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The
vulnerability is present when user input is either incorrectly filtered for
string literal escape characters embedded in SQL statements or user input
is not strongly typed and thereby unexpectedly executed.

For additional information, please look at the references [1], [2] and [3].


5. *Vulnerable packages*

Version <= 1.4.3


6. *Non-vulnerable packages*

TornadoStore developers informed us that all users should upgrade to the latest
version of TornadoStore, which fixes this vulnerability. More information to be
found here:
http://www.tornadostore.com/


7. *Credits*

This vulnerability was discovered by Lucas Apa ( lucas -at- bonsai-sec.com ).


8. *Technical Description*

8.1 A SQL injection vulnerability was found in the abm_list.php script, more
specifically in the 'where' variable. The vulnerability can be triggered by
logging into TornadoStore Control Panel and browsing to:

http://www.example.com/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where='

8.2 A Blind SQL injection vulnerability was found in the precios.php script, more
specifically in the 'marca' variable. The vulnerability can be triggered by
browsing to:

http://www.example.com/precios.php3?marca=12'


9. *Report Timeline*

- 2010-02-02:
Vulnerabilities were identified.

- 2010-02-08:
Vendor confirmed these vulnerabilities.

- 2010-02-16:
Vendor contacted for an approximate fix release date. No specific answer given.

- 2010-06-24:
The vulnerability is still there.

- 2010-06-29:
The advisory BONSAI-2010-0106 is published.


10. *References*

[0] http://www.tornadostore.com
[1] http://www.owasp.org/index.php/SQL_injection
[2] http://www.owasp.org/index.php/Blind_SQL_Injection
[3] http://en.wikipedia.org/wiki/SQL_injection

11. *About Bonsai*

Bonsai is a company involved in providing professional computer information security services.
Currently a sound growth company, since its foundation in early 2009 in Buenos Aires, Argentina,
we are fully committed to quality service, and focused on our customers' real needs.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Bonsai Information Security, and may be
distributed freely provided that no fee is charged for this distribution and proper credit is
given.

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close