Huski Retail Ascet Interactive offers you a very simple and cost effective method of selling goods and services online. Ascet Interactive provides you with a catalogue targeted at your customers, whether they are retail customers or your dealer network. Imagine being able to save on printing, faxing and administration costs by making your whole product range available at anytime via the Web. [ Taken from: http://www.ascetinteractive.com/?id=huskiretail ]

Vulnerability description

The categoryID and productID parameters used in several pages are not sufficiently sanitised, leading to SQL injection.

• Discovered by: Eldar “Wireghoul” Marcussen
• Vendor: ASCET Interactive - http://www.ascetinteractive.com
• Affected versions: Unknown

Exploit URI

http://[target]/[path]/?_action=editProducts&categoryID=[SQLI]

http://[target]/[path]/?_action=showProducts&categoryID=[SQLI]&id=shop

http://[target]/[path]/?_action=showProductDetails&productID=[SQLI]&categoryID=1310&id=shop

http://[target]/[path]/?_action=showProductDetails&productID=22095&categoryID=[SQLI]&id=shop

Solution

Contact the vendor for a fix

Disclosure time line

• 05-Feb-2010 - Public disclosure
• 29-Jan-2010 - Vendor acknowledge vulnerability
• 28-Jan-2010 - Vendor notified through email