Plaincart SQL Injection Security Vulnerability
Plaincart is a PHP shopping cart tutorial designed in 2006 and is a great resource for people wanting to learn how to build their first shopping cart system. The tutorial has one main security vulnerability that is very easy to exploit: index.php accepts the p request parameter without checking that it is a number. It does not even take a hacker to compromise a Plaincart install, because the method for discovering the user and password info is openly distributed on many websites. The method is as easy as appending the parameters below after the root directory of your Plaincart install.
http://[target]/[script]/index.php?c=16&p=-3+UNION+SELECT+user_name,user_password,3,4,5+from+tbl_user--
There is a fix for the Plaincart SQL injection vulnerability. All you have to do is follow the steps below.
1. Open your index.php
2. Find line 10 and select:
$pdId = (isset($_GET['p']) && $_GET['p'] != '') ? $_GET['p'] : 0;
3. Replace line 10 with:
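// Return the named GET parameter as an integer ID, or 0 if it is missing or not all digits.
function valid_pdId($get)
{
    $x = (isset($_GET[$get]) && $_GET[$get] != '') ? $_GET[$get] : '';
    // ctype_digit() is true only for a non-empty string of the characters 0-9,
    // so signs, spaces, arrays and SQL keywords are all rejected.
    if (!is_string($x) || !ctype_digit($x)) {
        return 0; // same default as the original line 10
    }
    return (int) $x;
}
$pdId = valid_pdId('p');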
Though there are many great paid ecommerce solutions out there that we would recommend you use instead of Plaincart, this quick fix should remedy the SQL injection hack if you find your hands tied!
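The same digits-only check combined with a bound query parameter as a second layer, shown as an added example that is not part of the original post or of Plaincart. It assumes PHP 7.1 or later with PDO and the pdo_sqlite extension; valid_id, find_product and the tbl_product_demo table with its columns are hypothetical names.

```php
<?php
// Added example, not Plaincart code. The table and column names
// (tbl_product_demo, pd_id, pd_name) are hypothetical stand-ins.

// Same validation as the fix above, but the request array is an argument so it can be tested.
function valid_id(array $request, string $key): int
{
    $x = $request[$key] ?? '';
    // ctype_digit() is true only for a non-empty string made of the characters 0-9.
    if (!is_string($x) || !ctype_digit($x)) {
        return 0;
    }
    return (int) $x;
}

// Second layer: the ID is bound as an integer parameter, never concatenated into the SQL text.
function find_product(PDO $db, int $pdId): ?array
{
    if ($pdId === 0) {
        return null; // nothing valid was requested
    }
    $stmt = $db->prepare('SELECT pd_id, pd_name FROM tbl_product_demo WHERE pd_id = :id');
    $stmt->bindValue(':id', $pdId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_product_demo (pd_id INTEGER PRIMARY KEY, pd_name TEXT)');
$db->exec("INSERT INTO tbl_product_demo VALUES (1, 'Sample item')");

// Constructed request values: valid IDs, the decoded p value from the URL above, and edge cases.
$samples = ['1', '42', '-3 UNION SELECT user_name,user_password,3,4,5 from tbl_user--',
            '', ' ', '1.5', ['1']];
foreach ($samples as $value) {
    $id  = valid_id(['p' => $value], 'p');
    $row = find_product($db, $id);
    printf("%-22s => id %d, %s\n", substr(json_encode($value), 0, 20), $id,
           $row ? $row['pd_name'] : 'no product');
}
```

Only '1' reaches a product row; '42' passes validation but matches nothing, and every other sample is reduced to 0 before any query is built.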