Security Advisory: [ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell

[EN] securityvulns.ru
no-pyccku

Related information
  PHP, ASP, CGI web applications security vulnerabilities
  [SA15743] Legal Case Management System Log File Disclosure
  Infopop UBB Threads Multiple Vulnerabilities
  PHP nuke XSS vulnerability
  [SA15805] UBB.threads Multiple Vulnerabilities

From: dedi dwianto <the_day_(at)_echo.or.id>
Date: 25.06.2005
Subject: [ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell

---------------------------------------------------------------------------
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 24th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv21-theday-2005.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : ActiveBuyAndSell
version : 6.2
URL : http://ActiveWebSoftwares.com
Author : ActiveWebSoftwares
Description :

ActiveBuyAndSell is a Web-based application that connects people selling products
and services with people looking to buy products and services. Uses MS SQL or
Access database. Full ASp source code included.

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. SQL Injection:

  * http://victim/ebuyandsell/default.asp?catid=[SQL inject]

  * http://victim/ebuyandsell/buyersend.asp?catid=[SQL inject]

  * http://victim/ebuyandsell/admin.asp
    In this pages vulnarable sql injection in form input

       POC :
               Administrator ID :[SQL Inject]
               Password         :blank


  * http://victim/ebuyandsell/advertiserstart.asp

       POC :
               E-mail Address :[SQL inject]
               Password        :blank

  * http://victim/ebuyandsell/buyer.asp

       POC :
               E-mail          :[SQL inject]
               Password        :blank

  * http://victim/ebuyandsell/search.asp

       POC :
               Keyword         :[SQL inject]

B. Xss

  * http://victim/ebuyandsell/sendpassword.
asp?Table=Buyer&Title=[XSS]&EmailFld=BEmail

       POC :


http://victim/ebuyandsell/sendpassword.
asp?Table=Buyer&Title=<script>alert('test')</script>&EmailFld=BEmail

* http://victim/ebuyandsell/search.asp

       POC :
               Keyword         : <script>alert('dudul')</script>


C. Fix

  Vendor allready contacted but still no response and i can't fix it because
  i can't view source code :lol

---------------------------------------------------------------------------

Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker@yahoogroups.com ,
~ #e-c-h-o@DALNET

---------------------------------------------------------------------------
Contact:
~~~~~~~~

    the_day || echo|staff || the_day[at]echo[dot]or[dot]id
    Homepage: http://theday.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------

test server