lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY19-DAV2E71D1CCBA923250EAB7DD9250@phx.gbl>
Date: Tue Jan 10 19:24:35 2006
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: AspTopSites SQL injection

------------------------------------------------------------
    - EXPL-A-2006-001 exploitlabs.com Advisory 047 -
------------------------------------------------------------
                         - AspTopSites -






AFFECTED PRODUCTS
=================
AspTopSites
http://www.maine-net.com/aspts.asp



OVERVIEW
========
AspTopSites? runs on your Windows NT/2K/2003 Server
 and uses Active Server Pages with a MS Access 2000 database.
 Simply upload AspTopSites?, make one configuration setting
 and you're ready to start running your own TopSites traffic
 generator.  AspTopSites? comes with full source code...
 no encoding or DLLs need to be installed on the server.





DETAILS
=======
1. SQL Injection

AspTopSites does not filter SQL resulting in
full access to the user manager menu.




POC
===

1.
---

entering SQL Injection type statement in the password field
causes the statement to be true.

http://[host]/topsites/default.asp <--- view listings
http://[host]/topsites/goto.asp?id=43 <--- mouseover id value
http://[host]/topsites/includeloginuser.asp <--- login here
user: [ id value ]
password: 'or'


note: Vendor Demo Site is Vuln



SOLUTION:
=========
vendor contact:
Jan  3, 2006 wills@...ne-net.com ( no resp )
Jan 10, 2006 ( no resp => release )



Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs

Donnie Werner

mail:   wood at exploitlabs.com
mail:   morning_wood at zone-h.org
-- 
web: http://exploitlabs.com
web: http://zone-h.org

http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ