ORIGINAL LINK: http://systemsecure.org/ssforum/viewtopic.php?t=277

#-------------------------------------
# Ref: SS#21092005
# SYSTEMSECURE.ORG - Advisory/Exploit
#
# * PUBLIC ADVISORY *
#
#-------------------------------------

» Software: Mall23

» Link: http://www.mall23.com/

» Attacks: SQL Injection

» Discovered by: David Sopas Ferreira aka SmOk3
[david at systemsecure.org]

» GoogleDork: "Powered by Mall23.com"


-- ! Description !--

Vendor product description: " Mall23 provides business-focused eCommerce 
products to effectively and measurably
maximise your investment. Includes unique and powerful features specifically 
designed for Internet Hosting companies.
Build your revenue and increase client confidence! Mall23 also generates an 
immediate return on your investment -
- several times over. Discover an all-inclusive package that needs no 
customizations or add-ons. "

Mall23, ASP e-commerce script, is vulnerable to SQL Injection attack using 
POST method. Impact an unauthenticated
attacker may execute arbitrary SQL statements on the vulnerable system. This 
may compromise the integrity of your
database and expose sensitive information.


» Affected file: AddItem.asp - variable: $idOption_Dropdown_2

» Proof of Concept (exploit):

<form 
action="http://siterunning_mall23.com:80/m23Basket/AddItem.asp?idProduct=6" 
method="POST">
<input type="hidden" name="idOption_Dropdown_2" value="'[SQL INJECTION]">
<input type="Submit" name="submit" value="Test Exploit">
</form>


-- ! Solution !--

Vendor was contacted and it fixed the problem in the same day it was 
reported. Upgrade to version 4.11 available
at http://www.mall23.com .


<base64>Rm9y52EgUG9ydHVnYWw=</base64>

# -EOF-