Message-ID: <66895d255bdcaa9e8716dd128e160bcb@criolabs.net>
Date: Mon, 30 Aug 2004 19:16:46 -0400
From: Criolabs <security@...olabs.net>
To: bugtraq@...urityfocus.com
Subject: Password Protect XSS and SQL-Injection vulnerabilities.
****************************************************************************************************
CRIOLABS
- Software: Password protect
- Type: User Authentication
- Company: Web Animations
- Date: 30-8-2004
****************************************************************************************************
## Software ##
Software: Password protect
Versions: All
Language: ASP
Platforms: Windows NT, 2000, XP
Web: http://www.webanimations.com.au/
The ultimate protection including unlimited user names and passwords, each checked against its own
IP address. You can add 1 IP address or include a range for users who have various IP addresses
when they log in.
## Affected part ##
- ChangePassword.asp (XSS in ShowMsg, SQL Injection in LoginId and OPass variables)
- index.asp (XSS in ShowMsg)
- index_next.asp (SQL Injection in admin and Pass variables)
- users_list.asp (XSS in ShowMsg variable)
- users_add.asp (XSS in ShowMsg variable, SQL Injection)
- users_edit.asp (XSS, SQL Injection)
## Vulnerabilities ##
### SQL Injection ###
A remote user can use an SQL injection attack to log in as admin or manipulate the database.
index_next.asp, ChangePassword.asp, users_edit.asp and users_add.asp are affected.
Example:
/adminSection/index_next.asp?admin=(SQLInjection)&Pass=(SQLInjection)
/adminSection/ChangePassword.asp?LoginId=(SQLInjection)&OPass=(SQLInjection)&NPass=(SQLInjection)&CPass=(SQLInjection)
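The following is an added example, not code from the advisory or from the Password Protect product. It reproduces the login-bypass pattern the advisory describes (credentials concatenated into the query text of a login page such as index_next.asp) against a constructed in-memory SQLite table, and shows the same check done with bound parameters. The table name, column names and credentials are assumptions for illustration only; the product's real schema is not known.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the product's user store.
    Assumption: table 'admins' with columns (admin, pass); the real schema is unknown."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE admins (admin TEXT, pass TEXT)")
    con.execute("INSERT INTO admins VALUES ('administrator', 'S3cret!')")
    return con


def login_concat(con, admin, password):
    """Vulnerable pattern: the admin and Pass values are spliced into the SQL text,
    so a quote in either value changes the statement instead of being data."""
    sql = ("SELECT COUNT(*) FROM admins WHERE admin = '" + admin +
           "' AND pass = '" + password + "'")
    return con.execute(sql).fetchone()[0] > 0


def login_param(con, admin, password):
    """Hardened pattern: bound parameters. The driver sends the values separately
    from the statement, so a quote or OR clause in the input is compared literally."""
    sql = "SELECT COUNT(*) FROM admins WHERE admin = ? AND pass = ?"
    return con.execute(sql, (admin, password)).fetchone()[0] > 0


def demo():
    """Run both login checks with a real credential and with a classic tautology payload.
    With concatenation the payload expands the WHERE clause to
      admin = '' OR '1'='1' AND pass = '' OR '1'='1'
    which is true for every row, so the attacker is logged in without a password."""
    con = build_db()
    payload = "' OR '1'='1"
    return {
        "valid_concat": login_concat(con, "administrator", "S3cret!"),
        "bypass_concat": login_concat(con, payload, payload),
        "valid_param": login_param(con, "administrator", "S3cret!"),
        "bypass_param": login_param(con, payload, payload),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "-> logged in" if ok else "-> rejected")
```

The concatenated form accepts the payload as a valid login; the parameterized form rejects it, because the whole string `' OR '1'='1` is compared against the admin column as a value. The same fix applies to the ChangePassword.asp LoginId and OPass parameters: any value that reaches the database goes through a parameter, never through string joining.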
### Cross-site Scripting ###
This software does not filter HTML code from user-supplied input in some scripts, so the ShowMsg value is reflected into the page as-is.
Example:
/adminSection/index.asp?ShowMsg=(XSS)
/adminSection/ChangePassword.asp?ShowMsg=(XSS)
/adminSection/users_list.asp?ShowMsg=(XSS)
/adminSection/users_add.asp?ShowMsg=(XSS)
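The following is an added example, not code from the advisory or the product. It models the reflected ShowMsg behaviour the advisory reports: a page that parses the query string and writes the message into its HTML body verbatim, beside the same page with HTML encoding applied on output. The page template and the crafted URL are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs


def get_show_msg(url):
    """Extract the ShowMsg query parameter the way the affected pages read it.
    Returns an empty string when the parameter is absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("ShowMsg", [""])[0]


def render_unescaped(url):
    """Vulnerable pattern: the decoded parameter is written straight into the markup,
    so any tags or attributes in ShowMsg become part of the page (reflected XSS)."""
    return '<p class="msg">' + get_show_msg(url) + "</p>"


def render_escaped(url):
    """Hardened pattern: HTML-encode on output. quote=True also encodes the quote
    characters, which matters when the value ends up inside an attribute."""
    return '<p class="msg">' + html.escape(get_show_msg(url), quote=True) + "</p>"


def has_raw_tag(rendered, template_prefix='<p class="msg">'):
    """Check whether any '<' survived in the rendered message beyond the template's own tags.
    Used here to confirm that the escaped output carries no injected markup."""
    body = rendered[len(template_prefix):-len("</p>")]
    return "<" in body or ">" in body


# Constructed request URL carrying a script tag in ShowMsg (percent-encoded as a browser would send it).
CRAFTED_URL = "/adminSection/index.asp?ShowMsg=%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    print("unescaped:", render_unescaped(CRAFTED_URL))
    print("escaped:  ", render_escaped(CRAFTED_URL))
```

The unescaped rendering returns the script element intact, which is exactly what a victim's browser would execute after following the link; the escaped rendering returns `&lt;script&gt;...` and the same check finds no raw tag. Encoding belongs at the point where the value is written into HTML, on every affected page (index.asp, ChangePassword.asp, users_list.asp, users_add.asp), since each reflects ShowMsg independently.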
## History ##
Vendor contacted: Fri, 06 Aug 2004, no response.
## Credits ##
Criolabs staff
http://www.criolabs.net
Original advisory and proof of concept in http://www.criolabs.net/advisories/passprotect.txt