Message-ID: <000b01c33f85$be4e2b20$c800000a@aiglippo.com>
Date: Tue, 1 Jul 2003 11:03:35 +0700
From: <aresu@...en.net>
To: <bugtraq@...urityfocus.com>
Subject: CyberStrong Shopping Cart - Advisory & Exploit Code


Advisory Name: Cyberstrong eShop SQL Injection Vulnerability
Release Date: 05/07/2003
Application: CyberStrong eShop v4.2
Platform: Win32/MSSQL
Severity: High
BUG Type: SQL Injection
Discovered by: AresU <aresu@...en.net>
Author: Bosen <mobile@...en.net>
Vendor Status: See below.
Vendor URL: http://www.cyberstrong.com/eshop
Reference: http://bosen.net/releases/

Overview:
For the commercial break, please visit
http://www.cyberstrong.com/eshop/features.asp
I know there are lots of features there.

Details:
CyberStrong provides trial/demo software, in encrypted form though.
But the encryption is not as big as it sounds.

Well, the bug lies in the application libraries,
and it is triggered via 10expand.asp, 10browse.asp, and 20review.asp.

With a manipulated SQL injection, an attacker would be able to gain some
information, including the admin's user name and the admin's password,
which can be used through the web-based admin interface at
/admin/mlogin.asp.

Exploits/POC:
http://[target]/eshop/10Expand.asp?ProductCode='
http://[target]/eshop/20Review.asp?ProductCode='

Vendor Response:
Contacted. No response.

Recommendation:
No recommendation for this.
As a workaround, just protect the /admin dir with .htpasswd.
(But it's not very effective: an attacker can still run queries, but at
least it would slow them down.)

1ndonesian Security Team (1st) Advisory:
http://bosen.net/releases/

About 1ndonesian Security Team:
1ndonesian Security Team researches and develops intelligent, advanced
application security assessment. Based in Indonesia, 1ndonesian Security
Team offers best of breed security consulting services, specialising in
application, host and network security assessments.

1st provides security information and patches for use by the entire 1st
community.

This information is provided freely to all interested parties and may be
redistributed provided that it is not altered in any way, 1st is
appropriately credited and the document retains.

Greetz to:
Bosen, TioEuy,Ipunk, Heltz, Gembul,TomIngShUu, sakitjiwa, muthafuka,
alphacentury,
All 1ndonesian Security Team - #hackers@...tnet.org/centrin.net.id

AresU <aresu@...en.net>
======================
Original document can be found at http://www.bosen.net/releases/?id=23
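
A defender's check for the probes described in the advisory, as an added example that is not part of the original post: it scans IIS W3C extended-format log lines for requests to the three scripts named above whose ProductCode value falls outside an allowlist. The log lines are constructed, and the allowlist pattern for valid product codes is an assumption.

```python
import re
from urllib.parse import parse_qs

# Scripts named in the advisory (compared case-insensitively, as IIS does).
AFFECTED = {"10expand.asp", "10browse.asp", "20review.asp"}
# Assumption: legitimate product codes are short alphanumeric tokens.
SAFE_CODE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-07-01 04:10:02 192.0.2.10 GET /eshop/10Expand.asp ProductCode=AB-1001 200
2003-07-01 04:10:09 198.51.100.7 GET /eshop/10Expand.asp ProductCode=' 500
2003-07-01 04:10:15 198.51.100.7 GET /eshop/20Review.asp ProductCode=%27 500
2003-07-01 04:11:00 192.0.2.10 GET /eshop/default.asp - 200
""".splitlines()

def suspicious_requests(log_lines):
    """Return (client_ip, script, decoded ProductCode) for flagged requests."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        script = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        query = rec.get("cs-uri-query", "-")
        if script not in AFFECTED or query == "-":
            continue
        # parse_qs percent-decodes values; parameter names are matched
        # case-insensitively because ASP's Request collection does the same.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        for value in params.get("productcode", []):
            if not SAFE_CODE.fullmatch(value):
                hits.append((rec.get("c-ip", "?"), script, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the check is an allowlist on the decoded value, a doubly encoded quote is flagged as well, since the leftover percent sign is not a permitted character.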


