| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: m_u_d_i_t_a at hotmail.com (Nobody Jones) Subject: Trivial SQL Injection in Energis Search function Vendor: Energis Product: www.energis-squared.net Tested on: Win XP SP1 IE 6.0 Discovery: Author Risk: Medium severity Title: Trivial SQL Injection in Energis Search function .............................................. Background Information ---------------------- Energis is a UK based provider of alternative ISP and telecommunications services to business users. On the 5th of May 2004, Energis published a study entitled the "Cost of Chaos" outlining how many UK businesses are failing to combat the risks posed by online attacks, which was widely reported by the media Relevant Links: http://www.energis-squared.net/news/ShowNewsItem.asp?ID=109 http://www.theregister.co.uk/2004/05/05/energis_it_security/ http://www.hostreview.com/news/news/040505Energis.html Description ----------- The Energis corporate Internet presence located at contains a search engine facility where prospective customers can search for various product and service offerings. This pages is located at, http://www.energis.com/products/search.asp Sadly, Energis seem to have failed to have heeded their own warnings as this feature of the web application is susceptible to simple SQL injection. By inserting a single quote character into the search engine, the underlying SQL database returns an ODBC error which could be used by remote attackers to enumerate database contents, potentially escalate privileges and even execute arbitrary code. Proof of Concept ---------------- Searching for: O'Reilly Returns the error: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft] [ODBC SQL Server Driver] [SQL Server] Line 1: Incorrect syntax near 'Reilly'. /products/search.asp, line 463 Contact information ------------------- The author of this advisory can be contacted at m_u_d_i_t_a@...mail.com. Disclaimer ----------- The author of this advisory is not responsible for the misuse of the information contained herein. Any use of the information in this advisory is used at personal risk, the author accepts no liability for any damages that may occour. Additional Information ---------------------- The vendor was informed on 31st May 2004. They have not responded as yet. This vulnerability was originally discovered on a previous iteration, of the website. Since informing the vendor, the website has been redesigned, however the vulnerable search function still remains. _________________________________________________________________ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/
Powered by blists - more mailing lists