[BONSAI] SQL Injection in CS-Cart <= 2.0.5
Here is one of the vulnerabilities which I found during my research for Bonsai Security a few weeks ago. The research consisted of vulnerability assessments of commercial and open source ecommerce web applications over a 2-week period.
During the time of my research I learnt a great deal from Andres Riancho (w3af/bonsai-sec owner) and from the vulnerability assessments themselves. So what did I learn? I learnt that patience is definitely a virtue, JavaScript is a pain in the ass, ecommerce web application developers need to invest more time on security, and a lot more with regard to perfecting my assessment techniques.
Here is the vulnerability report:
http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt
Here is a great post by Andres on the difficulty of the actual exploitation:
http://www.bonsai-sec.com/blog/index.php/not-the-average-sql-injection/
A massive thanks to Andres for giving me the opportunity to work for him. I learnt more in the (just over) two week period working for him than I could have learnt in a whole 12 months.



One Response to “[BONSAI] SQL Injection in CS-Cart <= 2.0.5”
Alphonso Munoz
Fairly good post. I just stumbled upon your blog and desired to say that I have really enjoyed reading your posts. Anyway, I’ll be opting-in to your feed and I pray you post again soon.