osCommerce SQL Injection Vulnerability in Product Reviews Component

A SQL injection vulnerability has been identified in osCommerce version 2.3.4.1. This issue allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'reviews_id' parameter. Exploitation involves sending GET requests to 'product_reviews_write.php' with malicious 'reviews_id' values, using boolean-based SQL injection payloads to extract sensitive information from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries and potentially access or modify sensitive database information.

Reproduction

To reproduce this vulnerability, navigate to the product reviews tab and replace the 'reviews_id' value in the URL with a high number. Then, append a boolean-based SQL injection payload to the end of the URL. This can be done by using a payload that exploits the application's SQL query handling, such as one that uses boolean logic to manipulate the query's execution.