Message-ID: <20040322201435.30662.qmail@gulo.org>
Date: Mon, 22 Mar 2004 21:14:35 +0100
From: "Manuel Lopez" <mantra@...o.org>
To: bugtraq@...urityfocus.com
Subject: Vulnerabilities in Member Management System 2.1


#Title:  Vulnerabilities in Member Management System 2.1 

#Software:  Member Management System 2.1
#Vendor:  http://www.expinion.net/software/app_mms.asp
#Impact:  Disclosure of authentication information, Disclosure of user 
information, Execution of arbitrary code via network, Modification of user 
and admin information, User access via network.
#Underlying OS:  Windows NT, Windows 2000, Windows 2003 or Windows XP 
Professional/Server. 

#Vendor Description: 

Quickly secure pages or portions of your web site from unregistered 
visitors. Easy to integrate security into existing sites! Login to admin to 
send 'Expiry Notices', upload & download user data, capture member activity, 
browser & os info, add optional fields, send subscriber newsletters, group & 
relate people, verify email addresses… 

#Vulnerabilities: 

Input Validation Holes Permit SQL Injection and Cross-Site Scripting 
Attacks. 

#SQL Injection# 

Insufficient input sanitization in resend.asp and news_view.asp could allow 
an attacker to inject SQL code to manipulate and disclose information from 
the database. The same problem is present in more scripts in the 
administration site. 

Examples:
http://[host]/resend.asp?ID=[SQL query]
http://[host]/news_view.asp?ID=[SQL query] 

#Cross-Site Scripting# 

Another sanitization problem permits an attacker to inject XSS in the 
register form (register.asp); this will be executed at the administration 
site, permitting the attacker to modify or delete data.
An XSS attack is also possible in error.asp. 

Example:
http://[host]/error.asp?err=">[XSS]
Example to delete a user:
In the register form: "><iframe src=http://[host]/admin/user_del.asp?ID=[ID 
to delete]> 

#Solution: 

Vendor contacted, the vulnerabilities will be addressed very soon.
Thanks to Vladimir S. Pekulas.
http://www.expinion.net/software/app_mms.asp 

#Credits: 

Manuel López. mantra@...o.org 
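
Added example (not part of the original advisory or the vendor's code): a Python check that flags request targets for the scripts named above when ID is not a plain decimal integer or err carries quote or angle-bracket characters. The numeric-ID assumption, the function names and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: ID is a decimal integer key (the advisory does not state its type).
IS_INT = re.compile(r"\d{1,10}").fullmatch
# err is reflected into HTML, so quotes and angle brackets are not expected in it.
IS_PLAIN = re.compile(r"[^\"'<>]*").fullmatch

# Script path suffix -> (parameter name, predicate a benign value satisfies).
RULES = {
    "/resend.asp": ("id", IS_INT),
    "/news_view.asp": ("id", IS_INT),
    "/error.asp": ("err", IS_PLAIN),
}

def suspicious(request_target):
    """Return a reason string if the request target breaks a rule, else None."""
    parts = urlsplit(request_target)
    path = parts.path.lower()  # IIS paths and ASP parameter names ignore case
    for suffix, (param, ok) in RULES.items():
        if not path.endswith(suffix):
            continue
        # parse_qsl percent-decodes values; keep blanks so an empty "ID=" is seen.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() == param and not ok(value):
                return f"{suffix}: {param}={value!r} fails validation"
    return None

def scan(targets):
    """Return (target, reason) pairs for every flagged request target."""
    return [(t, r) for t in targets if (r := suspicious(t))]

# Constructed sample request targets, as they might appear in a web server log.
SAMPLES = [
    "/resend.asp?ID=42",
    "/news_view.asp?ID=12+OR+1%3D1",
    "/Error.asp?err=Invalid+login",
    "/error.asp?err=%22%3E%3Cb%3Ex",
]

if __name__ == "__main__":
    for target, reason in scan(SAMPLES):
        print(f"FLAG {target} -> {reason}")
```

The same predicates can be applied server-side before the value reaches a query or the page output; they complement, and do not replace, parameterized queries and output encoding.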


