Message-ID: <002301c32a99$88b25fa0$0301a8c0@amphetamins>
Date: Thu, 5 Jun 2003 01:02:17 +1200
From: "Paul Craig" <pimp@...inwave.net.nz>
To: <bugtraq@...urityfocus.com>
Subject: Xpressions Software: Multiple SQL Injection Attacks To Manage WebStore


	/------------------------
		Pimp industries. 
	--------------------------/
	
	Xpressions Software	: Multiple SQL Injection Attacks To
Manage WebStore(s).


Background
-------------

When your suppliers and trading partners can interact with your
organization as a seamless extension of your internal business
processes, you'll see dramatic improvements in your ability to take
advantage of new market opportunities. 

trueConnect
A Web Application service combining Enterprise Planning and e-Bid
process for the Manufacturing Industry.  

FlowerLink
An eCommerce framework for the floral industry that integrates with RTI
system for seamless order entry and wire services.  

eVision
Enterprise eCommerce services that integrate Backoffice software such
as Inventory System, Order Entry, and reporting.  

Website Integration
Website Integration service combines your corporate site with your
Backoffice software to create robust Intranet and Extranets. 


Exploit:
-------------
No user-supplied data is correctly parsed for SQL queries before being
executed, which allows an attacker to inject his/her own queries in
any user-supplied POST data.
A more direct and dangerous attack, however, can be made against the
administration page.

http://examplestore.com/manage/login.asp
User: admin
Pass: ' or '1' = '1

This would allow the attacker to fully manage the site with admin
rights.
This exploit is found in every product they make.

The severity of this increases since no cryptography is used when
storing sensitive data such as other users' passwords and credit card
data, leaving them all in plaintext and in clear view of our attacker.



Company Status:
-------------
Company was contacted, no reply was given.


Suggestions/Work Arounds:
-------------
Move/htauth the manage directory, uninstall!



Greets
-------------
sozni, all .nz, decx, hx, and anyone else with more than two
braincells!!
 

 
Paul Craig
Security Researcher
Pimp Industries
 
"He who laughs last thinks slowest!"

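The flaw reported above next to a corrected login check, as an added example that is not part of the original post and not the vendor's code. The product is ASP-based; Python with an in-memory SQLite database stands in here, and the table names, sample account and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def make_db():
    """In-memory store with one constructed account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (name TEXT, pass TEXT)")
    db.execute("CREATE TABLE users_hashed (name TEXT, salt BLOB, digest BLOB)")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", b"S3cret!", salt, PBKDF2_ROUNDS)
    db.execute("INSERT INTO users_plain VALUES (?, ?)", ("admin", "S3cret!"))
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", ("admin", salt, digest))
    return db


def login_concat(db, user, password):
    """Flawed pattern: form fields pasted straight into the SQL text."""
    sql = ("SELECT name FROM users_plain WHERE name = '" + user
           + "' AND pass = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_param(db, user, password):
    """Bound parameter for the lookup; salted hash compared in constant time."""
    row = db.execute("SELECT salt, digest FROM users_hashed WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = make_db()
    page_input = "' or '1' = '1"  # password value quoted in the advisory
    print("concatenated query accepts it:", login_concat(db, "admin", page_input))
    print("parameterized check accepts it:", login_param(db, "admin", page_input))
    print("correct password still works: ", login_param(db, "admin", "S3cret!"))
```

With the bound parameter the quote characters are compared as data and never reach the SQL parser, and storing only a salted hash means a database read no longer exposes the passwords themselves.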

