BugTraq
Back to list
|
Post reply
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
Jun 24 2005 11:40AM
Dedi securityfocus com,Dwianto securityfocus com (the_day echo or id)
------------------------------------------------------------------------
---
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
------------------------------------------------------------------------
---
Author: Dedi Dwianto
Date: June, 24th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv21-theday-2005.txt
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : ActiveBuyAndSell
version : 6.2
URL : http://ActiveWebSoftwares.com
Author : ActiveWebSoftwares
Description :
ActiveBuyAndSell is a Web-based application that connects people selling products
and services with people looking to buy products and services. Uses MS SQL or
Access database. Full ASp source code included.
------------------------------------------------------------------------
---
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. SQL Injection:
* http://victim/ebuyandsell/default.asp?catid=[SQL inject]
* http://victim/ebuyandsell/buyersend.asp?catid=[SQL inject]
* http://victim/ebuyandsell/admin.asp
In this pages vulnarable sql injection in form input
POC :
Administrator ID :[SQL Inject]
Password :blank
* http://victim/ebuyandsell/advertiserstart.asp
POC :
E-mail Address :[SQL inject]
Password :blank
* http://victim/ebuyandsell/buyer.asp
POC :
E-mail :[SQL inject]
Password :blank
* http://victim/ebuyandsell/search.asp
POC :
Keyword :[SQL inject]
B. Xss
* http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=[XSS]&Email
Fld=BEmail
POC :
http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=<script>ale
rt('test')</script>&EmailFld=BEmail
* http://victim/ebuyandsell/search.asp
POC :
Keyword : <script>alert('dudul')</script>
C. Fix
Vendor allready contacted but still no response and i can't fix it because
i can't view source code :lol
------------------------------------------------------------------------
---
Shoutz:
~~~~~~~
~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker (at) yahoogroups (dot) com [email concealed] ,
~ #e-c-h-o@DALNET
------------------------------------------------------------------------
---
Contact:
~~~~~~~~
the_day || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
---
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
------------------------------------------------------------------------
---
Author: Dedi Dwianto
Date: June, 24th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv21-theday-2005.txt
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : ActiveBuyAndSell
version : 6.2
URL : http://ActiveWebSoftwares.com
Author : ActiveWebSoftwares
Description :
ActiveBuyAndSell is a Web-based application that connects people selling products
and services with people looking to buy products and services. Uses MS SQL or
Access database. Full ASp source code included.
------------------------------------------------------------------------
---
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. SQL Injection:
* http://victim/ebuyandsell/default.asp?catid=[SQL inject]
* http://victim/ebuyandsell/buyersend.asp?catid=[SQL inject]
* http://victim/ebuyandsell/admin.asp
In this pages vulnarable sql injection in form input
POC :
Administrator ID :[SQL Inject]
Password :blank
* http://victim/ebuyandsell/advertiserstart.asp
POC :
E-mail Address :[SQL inject]
Password :blank
* http://victim/ebuyandsell/buyer.asp
POC :
E-mail :[SQL inject]
Password :blank
* http://victim/ebuyandsell/search.asp
POC :
Keyword :[SQL inject]
B. Xss
* http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=[XSS]&Email
Fld=BEmail
POC :
http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=<script>ale
rt('test')</script>&EmailFld=BEmail
* http://victim/ebuyandsell/search.asp
POC :
Keyword : <script>alert('dudul')</script>
C. Fix
Vendor allready contacted but still no response and i can't fix it because
i can't view source code :lol
------------------------------------------------------------------------
---
Shoutz:
~~~~~~~
~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker (at) yahoogroups (dot) com [email concealed] ,
~ #e-c-h-o@DALNET
------------------------------------------------------------------------
---
Contact:
~~~~~~~~
the_day || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------
[ reply ]