CVE-2004-0300 - Multiple vulnerabilities in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
ecommerce-corporation-online
critical
nessus
exploit available

Summary

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Exploit-Db

  • description: Ecommerce Corporation Online Store Kit 3.0 listing.php id Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform
    id: EDB-ID:23720
    last seen: 2016-02-02
    modified: 2004-02-18
    published: 2004-02-18
    reporter: G00db0y
    source: https://www.exploit-db.com/download/23720/
    title: Ecommerce Corporation Online Store Kit 3.0 listing.php id Parameter SQL Injection
  • description: Ecommerce Corporation Online Store Kit 3.0 shop_by_brand.php cat_manufacturer Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform
    id: EDB-ID:23719
    last seen: 2016-02-02
    modified: 2004-02-18
    published: 2004-02-18
    reporter: G00db0y
    source: https://www.exploit-db.com/download/23719/
    title: Ecommerce Corporation Online Store Kit 3.0 shop_by_brand.php cat_manufacturer Parameter SQL Injection
  • description: Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform
    id: EDB-ID:23711
    last seen: 2016-02-02
    modified: 2003-02-17
    published: 2003-02-17
    reporter: David Sopas Ferreira
    source: https://www.exploit-db.com/download/23711/
    title: Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection
  • description: Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform
    id: EDB-ID:23718
    last seen: 2016-02-02
    modified: 2004-02-18
    published: 2004-02-18
    reporter: G00db0y
    source: https://www.exploit-db.com/download/23718/
    title: Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection

Nessus

NASL family: CGI abuses
NASL id: ECOMMERCE_CORP_SQL_INJECTION.NASL
description: The remote host is running Ecommerce Corporation Online Store Kit, a web-based e-commerce CGI suite. There is a SQL injection vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12062
published: 2004-02-17
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/12062
title: Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  # Plugin identity and the advisories it is mapped to.
  script_id(12062);
  script_version("1.22");

  script_cve_id("CVE-2004-0300", "CVE-2004-0301");
  script_bugtraq_id(9676, 9687);

  script_name(english:"Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities");
  script_summary(english:"More.php MoSQL Injection");

  # User-facing report text. Only the 'id' parameter of more.php is
  # exercised by this plugin; the description says the other reported
  # issues are not tested.
  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host has a SQL injection
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Ecommerce Corporation Online Store Kit, a
web-based e-commerce CGI suite.

There is a SQL injection vulnerability in the 'id' parameter of
'more.php'.  This could allow a remote attacker to execute arbitrary
SQL commands, which could be used to take control of the database.
Additional vulnerabilities have been reported in various
scripts, though Nessus has not tested for them.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the latest version of this software.");

  # Risk scoring. NOTE(review): the base vector records partial C/I/A
  # impact, while the vulnerability listing this plugin is published
  # under rates the impact as complete — confirm which is intended.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Publication metadata.
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/17");
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/17");
  script_cvs_date("Date: 2018/06/13 18:56:26");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling: information-gathering category, CGI abuse family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

  # Run only after service/HTTP discovery, on hosts known to serve PHP,
  # and not when the user has disabled CGI scanning.
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


# Pick the HTTP port under test (falling back to 80) and bail out on
# hosts that cannot run PHP, since this kit is a PHP application.
port = get_http_port(default:80);
if (!can_host_php(port:port))
{
  exit(0);
}

function check_dir(path)
{
  local_var url, reply, body;

  # Probe more.php with an unbalanced quote in 'id'; a vulnerable
  # install echoes the failing SQL statement back in its response.
  url = string(path, "/more.php?id=1'");
  reply = http_send_recv3(method:"GET", item:url, port:port);

  # No reply at all: stop the whole plugin. Because this is exit() and
  # not a return, the caller's remaining directories are skipped too.
  if (isnull(reply)) exit(0);

  # Element 2 of the http_send_recv3 result is the response body.
  body = reply[2];

  # Detection keys on the leaked query text, so an install that does
  # not display database errors would not be flagged — TODO confirm.
  if ("SELECT catid FROM catlink WHERE prodid=1" >< body)
  {
    security_hole(port);
    # NOTE(review): the XSS KB flag is set from the same SQLi match even
    # though the description says the other issues are untested here;
    # verify that this is intended.
    set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    exit(0);
  }
}

# Walk every discovered CGI directory. check_dir() calls exit() on the
# first confirmed finding, so at most one hole is reported per host.
foreach dir (cgi_dirs())
{
  check_dir(path:dir);
}