Message-ID: <20040322201557.30671.qmail@gulo.org>
Date: Mon, 22 Mar 2004 21:15:57 +0100
From: "Manuel Lopez" <mantra@...o.org>
To: bugtraq@...urityfocus.com
Subject: Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration


#Title:  Vulnerabilities in News Manager Lite 2.5 & News Manager Lite 
administration. 

#Software:  News Manager Lite 2.5 & News Manager Lite administration.
#Vendor:  http://www.expinion.net/software/app_newsmanager.asp
#Impact:  Disclosure of authentication information, Disclosure of user 
information, Execution of arbitrary code via network, Modification of user 
and admin information, User access via network.
#Underlying OS:  Windows NT, Windows 2000, Windows 2003 or Windows XP 
Professional/Server. 


 ---- News Manager Lite 2.5 ---- 

#Vendor Description: 

The Expinion News Manager Lite makes it easy for you to keep your site's 
news up-to-date. You can manage all your news items from an online 
administration, and keep an archive of older news. 

#Vulnerabilities: 

This software has multiple flaws that let remote users hijack the admin 
account, inject SQL commands, and conduct cross-site scripting attacks. 

#Cross Site Scripting# 

This product is vulnerable to cross-site scripting, which allows attackers 
to inject HTML and script code into the pages and have it executed in the 
client's browser. 

Examples:
http://[host]/comment_add.asp?ID=3&email=[XSS]
http://[host]/search.asp?search=[XSS]
http://[host]/category_news_headline.asp?ID=2&n=[XSS] 

#SQL Injection# 

Another problem could let an attacker inject SQL code to manipulate and 
disclose various information from the database. 

Examples:
http://[host]/more.asp?ID='[SQL query]
http://[host]/category_news.asp?ID='[SQL]
http://[host]/news_sort.asp?filter='[SQL] 


 ---- News Manager Lite administration ---- 

#Cookie Account Hijack# 

This issue can be exploited to gain an administrative account with the 
service.
You can log in as administrator by modifying the cookie in this way. 

Example:
Cookie: NEWS%5FLOGIN=ADMIN=1&ID=1 

#Solution: 

Vendor contacted; the vulnerabilities will be addressed very soon. 

#Credits: 

Manuel López. mantra@...o.org 
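
The cookie issue above comes down to the server trusting a role flag that lives in the client's cookie. The following is an added example, not part of the original advisory or the vendor's code: a Python model of that trust decision next to a variant that accepts the flag only when it carries a server-side HMAC. The `SIG` sub-key, the secret and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, unquote

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
FORGED = "NEWS%5FLOGIN=ADMIN=1&ID=1"  # Cookie header value quoted in the advisory

def parse_news_login(cookie_header):
    """Return the sub-keys of the NEWS_LOGIN cookie (ASP-style key=value&key=value)."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if unquote(name) == "NEWS_LOGIN":
            return {k: v[0] for k, v in parse_qs(value).items()}
    return {}

def is_admin_trusting(cookie_header):
    # Model of the flaw: the role flag is read straight from client-supplied data.
    return parse_news_login(cookie_header).get("ADMIN") == "1"

def _sig(fields):
    # MAC over the fields the server relies on (ADMIN and ID).
    msg = "ADMIN={ADMIN}&ID={ID}".format(**fields).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_cookie(user_id, admin):
    # Called only after a successful login; the role comes from the database.
    fields = {"ADMIN": "1" if admin else "0", "ID": str(int(user_id))}
    return "NEWS%5FLOGIN=ADMIN={ADMIN}&ID={ID}&SIG={s}".format(s=_sig(fields), **fields)

def is_admin_verified(cookie_header):
    # Hardened check: missing or wrong signature means no privileges at all.
    f = parse_news_login(cookie_header)
    if not all(k in f for k in ("ADMIN", "ID", "SIG")):
        return False
    sig_ok = hmac.compare_digest(_sig(f).encode(), f["SIG"].encode())
    return sig_ok and f["ADMIN"] == "1"

if __name__ == "__main__":
    user_cookie = issue_cookie(7, admin=False)
    tampered = user_cookie.replace("ADMIN=0", "ADMIN=1")
    print("trusting check, advisory cookie:", is_admin_trusting(FORGED))
    print("verified check, advisory cookie:", is_admin_verified(FORGED))
    print("verified check, tampered cookie:", is_admin_verified(tampered))
    print("verified check, issued admin   :", is_admin_verified(issue_cookie(1, True)))
```

Keeping the role in a server-side session and sending only an opaque session identifier removes the flag from the cookie altogether.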


