[ic] SQL Injection?

Bob Puff bob at nleaudio.com
Wed Sep 24 05:26:14 UTC 2014


Hi Guys, 

I've corrected all the [sql ... entries in my cart, but yet I cannot find
where mv_click or the search stuff is done, that is reported below.  I've
looked in all the pages, and in all the templates.  Where do I find this?

search.html, process.html, and next_step.html are all files that don't
actually exist.  mv_fail_page - how does that even hit a SQL query?

Bob

reference:
--------------------------------------------------------------
Information From Target:
Service: 80:TCP
MySQL-style database, SQL SET / WHERE
Response time:
0 seconds normal response
16 seconds executing injected delay
0 seconds executing injected non-delay
15 seconds executing injected delay again
Sent:
POST /cgi-bin/cart/search.html?id=PC9Bp9yf HTTP/1.0
Host: www.hostname.com
User-Agent: Mozilla/5.0
Content-length: 160
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MV_SESSION_ID=PC9Bp9yf:207.198.99.27

mv_session_id=PC9Bp9yf&mv_searchtype=db&mv_matchlimit=10&mv_sort_field=category&mv_search_
field=x'%20xor%20sleep(15)%20/*&mv_substring_match=1&mv_searchspec=123
Received: HTTP/1.1 200 OK

--------------------------------------------------------------------
Information From Target:
Service: 443:TCP
MS-SQL-style database, SQL SET / WHERE
Response time:
1 seconds normal response
16 seconds executing injected delay
0 seconds executing injected non-delay
15 seconds executing injected delay again
Sent:
POST /cgi-bin/cart/process.html HTTP/1.0
Host: 127.0.0.1
User-Agent: Mozilla/5.0
Content-length: 518
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MV_SESSION_ID=PC9Bp9yf:207.198.99.27

mv_session_id=ongV2b9t&mv_doit=refresh&mv_orderpage=ord%2Fbasket&mv_nextpage=index&quantit
y0=0&quantity0=1&quantity1=0&quantity1=1&quantity2=0&quantity2=1&quantity3=0&quantity3=1&q
uantity4=0&quantity4=1&quantity5=0&quantity5=1&quantity6=0&quantity6=1&%5C%27mv_click_map%
5C%27=%5C%27Check_Out%5C%27&%5C%27mv_click_Check_Out%5C%27=%5C%27%5C%27&mv_click=Check+Out
&zip=123&%5C%27mv_click_map%5C%27=%5C%27Check_Shipping%5C%27&%5C%27mv_click_Check_Shipping
%5C%27=%5C%27%5C%27&mv_click=x")%20waitf

---------------------------------------------------------------------
Information From Target:
Service: 443:TCP
MS-SQL-style database, SQL SET / WHERE
Response time:
1 seconds normal response
15 seconds executing injected delay
0 seconds executing injected non-delay
15 seconds executing injected delay again
Sent:
POST /cgi-bin/cart/ord/next_step.html?id=ongV2b9t HTTP/1.0
Host: 127.0.0.1
User-Agent: Mozilla/5.0
Content-length: 341
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MV_SESSION_ID=PC9Bp9yf:207.198.99.27

mv_action=return&mv_nextpage=ord%2Fbilling&mv_failpage=x')%20waitfor%20delay%20'00:00:15'%
20/*&mv_form_profile=Check_shipping&fname=123&lname=123&company=123&address1=123&address2=
123&city=123&state=123&zip=123&country=123&phone_ship=123&phone_day=123&phone_night=123&em
ail=123&mv_same_billing=1&email_copy=1&promo_code=123&country_reset=123
Received: HTTP/1.1 200 OK
-----------------------------------------------------------------------



More information about the interchange-users mailing list