iBoutique 4.0 - 'key' SQL Injection

EDB-ID:

19985

CVE:





Platform:

PHP

Date:

2012-07-20


##############################################################################
#
# Title    : NetArt Media iBoutique SQL Injection Vulnerability
# Author   : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.netartmedia.net/
# Advisory : http://secpod.org/blog/?p=510
#	   : http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt
# Software : NetArt Media iBoutique Version 4.0
# Date     : 29/06/2012
#
##############################################################################

SecPod ID: 1044                                    02/02/2012 Issue Discovered
                                                   19/06/2012 Vendor Notified
	                                           No Response from vendor
                                                   18/07/2012 Advisory Released

Class: SQL Injection                               Severity: High


Overview:
---------
NetArt Media iBoutique SQL Injection Vulnerability.


Technical Description:
----------------------
An SQL Injection Vulnerability is present in NetArt Media iBoutique as it fails
to sanitise user-supplied input.

Input passed via the 'key' parameter to '/index.php' page is not properly
verified before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code. This may allow an
unauthenticated attacker to launch further attacks.

These vulnerability have been tested on NetArt Media iBoutique v4.0, Other
versions may also be affected.


Impact:
--------
Successful exploitation could allow an attacker to manipulate SQL queries by
injecting arbitrary SQL code.


Affected Software:
------------------
NetArt Media iBoutique v4.0


Tested on,
NetArt Media iBoutique v4.0


References:
-----------
http://secpod.org/blog/?p=510
http://www.netartmedia.net/iboutique
http://secpod.org/advisories/SecPod_NetArt_Media_iBoutique_SQLi_Vuln.txt


Proof of Concept:
-----------------
http://www.example.com/iboutique/index.php?mod=products&key=%27


Solution:
---------
Fix not available


Risk Factor:
-------------
   CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = PARTIAL
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 6.4 (High) (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.