| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201202231704.q1NH4qaQ031987@sf01web1.securityfocus.com> Date: Thu, 23 Feb 2012 17:04:52 GMT From: demonalex@....com To: bugtraq@...urityfocus.com Subject: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability Product : CJWSoft ASPGuest GuestBook Version : Free Version Vendor: http://www.cjwsoft.com/aspguest/default.asp Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-02-24 Updated: Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P) Bug Description : Page 'edit.asp' of CJWSoft ASPGuest GuestBook(Free Version) is vulnerable with Security Access Control Bypass and SQL Injection Vulnerability. POC: #------------------------------------------------------------- 1) Security Access Control Bypass Page 'edit.asp' is a page for editing message as administrator privilege, but it can be viewed without authentication by everyone. 2) SQL Injection http://victim/guestbook/admin/edit.asp?ID=8 and 1=1 http://victim/guestbook/admin/edit.asp?ID=8 and 1=2 etc... #------------------------------------------------------------- Advice: 1) Add 'Session()' for authentication into 'edit.asp'. 2) Use 'cint()' for converting type of ID into 'edit.asp'. Credits : This vulnerability was discovered by demonalex@....com mail: demonalex@....com / ChaoYi.Huang@...nect.polyu.hk Pentester/Researcher Dark2S Security Team/PolyU.HK
Powered by blists - more mailing lists