Info

Disclosure

May 11, 2005

Discovery

Apr 28, 2005

Dates

Exploit

May 11, 2005

Solution

Unknown

Description

Quick.Cart has been reported to contain a flaw that may allow an attacker to manipulate SQL commands. The issue was reported to affect the iCategory variable of the index.php script. Subsequent research indicates that Quick.Cart does not use an SQL database of any kind, rather it uses flat files to maintain database information. The reported vulnerability is incorrect.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related, Myth/Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

Open Solution

Quick.Cart

0.3

References

Secunia Advisory ID: 15297
Related OSVDB ID: 16330
CVE ID: 2005-1588 (see also: NVD)
Other Advisory URL: http://lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html
Vendor URL: http://qc.dotgeek.org/os/index.php?p=productsQuickCart

Credit

Lostmon Lords - Lostmongmail.com -

Direct URL: http://osvdb.org/36218