SQL Injection Vulnerability in Lizard Cart CMS

Summary

Vulnerability: SQL Injection Vulnerability in Lizard Cart CMS
Discovered: 2006.01.03
Last Update: 0 n/a
ID: EV0012
CVE: CVE-2006-0087
Risk Level: high
Type: SQL Injection
Status: Unpatched
Vendor: n/a
Vulnerable Software: Lizard Cart CMS (http://sourceforge.net/projects/lizardcart)
Version: 1.04
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL injection was found in Lizard Cart CMS (http://sourceforge.net/projects/lizardcart) scripts.

Vulnerable scripts: pages.php, detail.php

The variable $id isn't properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code through it and make the application run any SQL query.

Customers' personal data is threatened.

Conditions: register_globals = on, magic_quotes_gpc = off

PoC/Exploit

SQL Injection examples:
http://host/lizard/pages.php?id=-1'%20union%20select%201,2,3/*
http://host/lizard/detail.php?id=-1'%20union%20select%201,2,3,4,5,6,7,8/*

Conditions: register_globals = on, magic_quotes_gpc = off

Solution

No patch available.
Edit the source code. Quotes in $id must be sanitized before the value is used in a query.
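
One way to make the source edit described above, as an added example (not Lizard Cart's code and not from the advisory's author). The `pages` table, its columns, the `fetch_page` helper and the use of PDO with an in-memory SQLite database are assumptions for illustration; the rejected input is the decoded pages.php string from the PoC section.

```php
<?php
// Added example: hypothetical schema and helper, not Lizard Cart source.

// Constructed sample data in an in-memory database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)");
$db->exec("INSERT INTO pages VALUES (1, 'About', 'About us')");

/**
 * Return the page row for a request, or null if id is missing, invalid or unknown.
 * $query stands in for $_GET: reading id from the request array explicitly means
 * the code no longer relies on register_globals to create $id.
 */
function fetch_page(PDO $db, array $query): ?array
{
    // Accept only a positive decimal integer. A value containing a quote,
    // a space or SQL text fails here and never reaches the database.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value travels as data and is never concatenated
    // into the SQL text, so the fix does not depend on magic_quotes_gpc.
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests: a valid id, the advisory's decoded string, an array, no id.
$requests = [
    ['id' => '1'],
    ['id' => "-1' union select 1,2,3/*"],
    ['id' => ['1']],
    [],
];
foreach ($requests as $query) {
    $row = fetch_page($db, $query);
    echo json_encode($query), ' => ', $row === null ? 'rejected' : $row['title'], "\n";
}
```

The same pattern applies to detail.php: validate `id` as an integer and bind it, rather than escaping quotes by hand.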