Fixing the Plaincart Hack

by CJ McDaniel // March 16 // 2 Comments

Plaincart SQL Security Injection Vulnarability.

The Plaincart is a php shopping cart tutorial designed in 2006 and is a great resource for people wanting to learn how to build their first shopping cart system. This tutorial has one main security vulnerability that is very easy to hack. It actually does not even take a hacker to be able to compromise a Plaincart install because the method to discover the user and password info is openly distributed on many websites. The method is as easy as appending the below attributes after the root directory of your Plaincart install.

http://[target]/[script]/index.php?c=16&p=-3+UNION+SELECT+user_name,user_password,3,4,5+from+tbl_user—


There is a fix for the Plaincart SQL Injection Vulnarabilty hack all you have to do is  follow the steps below

1. Open your index.php

2. Find line 10 and select:

$pdId   = (isset($_GET['p']) && $_GET['p'] != '') ? $_GET['p'] : 0;

3. Replace line 10 with:

function valid_pdId($get)
{
$x = isset($_GET[$get])&&$_GET[$get]!='1' ? $_GET[$get] : '';
if ( !ctype_digit($x) ) {
$x = ' ';
}
return $x;
}
$pdId = valid_pdId('p');

 

Though there are many great paid ecommerce solutions out there that we would recommend you use instead of Plaincart, this quick fix should remedy the sql injection hack if you find your hands tied!

 

About the Author

CJ grew up admiring books. His family owned a small bookstore throughout his early childhood, and he would spend weekends flipping through book after book, always sure to read the ones that looked the most interesting. Not much has changed since then, except now some of those interesting books he picks off the shelf were designed by his company!