Until recently, several versions of the e-commerce software OXID eShop contained a critical vulnerability. It allowed unauthenticated attackers to use SQL injection to gain complete control of the administration panel and, subsequently, of the entire store system. Exploiting the flaw requires neither a store configuration that deviates from the default nor any (inter)action by the store operator.
Patched versions of the vulnerable releases are available. Although OXID has so far not seen any exploits in the wild and the discoverer of the vulnerability, the analysis software company RIPSTECH, has not published any test code, store owners should update as soon as possible.
Execute arbitrary SQL commands
The vulnerability, which can be exploited through the address bar of the web browser, is described in detail by RIPSTECH in a blog post. According to that post, the SQL injection is performed using a specially prepared URL. By way of a PHP session variable, the "prepared" part of the input from the address bar ends up in an SQL query that is sent to the database every time a product is called up in the store.
According to RIPSTECH, this makes it possible to inject arbitrary SQL commands of one's own. These would be executed as so-called "stacked queries" immediately after the original query.
In its proof of concept, the team misuses the flaw to create a new administrator account and access the back end of the store. However, heise Security explained that, in principle, any command could be executed.
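The data flow described above (URL input stored in a session variable, then reused in a query on a later request) is shown here as an added example; it is not code from OXID eShop or from RIPSTECH. The table, the `cat` parameter and all function names are hypothetical, and the sample data and tainted value are constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data so the example runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO articles (category_id, title) VALUES (1, 'Mug'), (1, 'Shirt'), (2, 'Poster')");

// Request 1: a URL parameter is copied into the session without validation.
// $session stands in for $_SESSION; 'cat' is a hypothetical parameter name.
function rememberCategory(array &$session, array $urlParams): void
{
    $session['category'] = $urlParams['cat'] ?? '1';
}

// Request 2, weak pattern: the session value is treated as trusted and
// concatenated, so any extra SQL stored in it becomes part of the statement.
function buildQueryUnsafe(array $session): string
{
    return 'SELECT title FROM articles WHERE category_id = ' . $session['category'];
}

// Request 2, hardened: validate at the point of use and bind as a parameter.
function listTitles(PDO $pdo, array $session): array
{
    $category = filter_var($session['category'] ?? null, FILTER_VALIDATE_INT);
    if ($category === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE category_id = :cat ORDER BY id');
    $stmt->bindValue(':cat', $category, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$session = [];
rememberCategory($session, ['cat' => '1']);
print_r(listTitles($pdo, $session));

// Constructed tainted value carrying a second, harmless statement.
rememberCategory($session, ['cat' => "1; SELECT 'second statement'"]);
echo buildQueryUnsafe($session), PHP_EOL; // the unsafe string now holds two statements
print_r(listTitles($pdo, $session));      // the hardened path rejects the value
```

With PDO's MySQL driver, setting `PDO::MYSQL_ATTR_MULTI_STATEMENTS` to `false` in the connection options additionally stops one call from executing several statements, which limits stacked queries even where a concatenated query is missed in review.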
Vulnerable and safe versions
The security advisory published yesterday by OXID names versions 6.0.0 to 6.0.4 and 6.1.0 to 6.1.3 as vulnerable. The Community ("CE"), Enterprise ("EE") and Professional ("PE") editions of the store software are all affected.
The development team has closed the security hole in versions 6.0.5 and 6.1.4 of CE, EE and PE. These versions are therefore also (indirectly) protected against a second flaw described by RIPSTECH in the same blog post, which, according to a RIPSTECH employee, can only be exploited in combination with the first.