SECUNIA ADVISORY ID: SA28831
VERIFY ADVISORY: http://secunia.com/advisories/28831/
CRITICAL: Moderately critical
IMPACT: Manipulation of data, Exposure of sensitive information
SOFTWARE: Customer Testimonials 3.x (addon for osCommerce) - http://secunia.com/product/17490/
DESCRIPTION: A vulnerability has been discovered in the Customer Testimonials addon for osCommerce, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "testimonial_id" parameter in customer_testimonials.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving customer e-mail addresses and password hashes. The vulnerability is confirmed in version 3.1. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
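To make the solution concrete, the following is an added illustration (not the addon's own code, which the advisory does not reproduce): a hypothetical query built the way the description implies, beside a hardened version that validates "testimonial_id" as a positive integer before it reaches the SQL text. The function, table and column names are assumptions; osCommerce's real query helpers (tep_db_query(), and tep_db_input() for escaping string values) are mentioned only in comments because they need a live database connection.

```php
<?php
// Added example for this advisory; not code from the Customer Testimonials
// addon. Table/column names are assumed. In the real addon the SQL string
// would be passed to osCommerce's tep_db_query().

// Vulnerable pattern: the request value is concatenated into the SQL text
// unchanged, so anything other than a plain number changes the query.
function buildTestimonialQueryUnsafe(array $get): string
{
    $id = $get['testimonial_id'] ?? '';
    return "select testimonials_title, testimonials_text "
         . "from customer_testimonials where testimonials_id = '" . $id . "'";
}

// Hardened: the parameter is a numeric key, so reject anything that is not
// a positive integer before building the query. A validated integer needs
// no quoting and nothing to escape. (For genuinely string-valued parameters
// osCommerce's tep_db_input() is the escaping helper to use instead.)
function validTestimonialId($value): ?int
{
    if (!is_string($value) && !is_int($value)) {
        return null;
    }
    $value = (string) $value;
    if (!ctype_digit($value) || $value === '0' || strlen($value) > 10) {
        return null;
    }
    return (int) $value;
}

function buildTestimonialQuerySafe(array $get): ?string
{
    $id = validTestimonialId($get['testimonial_id'] ?? null);
    if ($id === null) {
        return null; // caller should answer "not found" rather than query
    }
    return "select testimonials_title, testimonials_text "
         . "from customer_testimonials where testimonials_id = " . $id;
}

// Constructed sample requests: a normal one and a malformed one.
$normal   = ['testimonial_id' => '7'];
$tampered = ['testimonial_id' => "7' or '1'='1"];

echo buildTestimonialQueryUnsafe($tampered), "\n"; // quote escapes the literal
var_dump(buildTestimonialQuerySafe($tampered));    // NULL: rejected before SQL
echo buildTestimonialQuerySafe($normal), "\n";      // ... testimonials_id = 7
```

Rejected values are a useful detection signal as well: logging the raw "testimonial_id" when validation fails shows probing of this parameter without exposing the query layer.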
PROVIDED AND/OR DISCOVERED BY: "it's my"
ORIGINAL ADVISORY: http://milw0rm.com/exploits/5075