Craft Silicon Banking@Home SQL Injection

2009.02.28
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Craft Silicon Banking@Home SQL Injection *********************************************************************** Author: Francesco Bianchino Email: f.bianchino [at] gmail.com Title: Craft Silicon Banking@Home SQL Injection Product: Banking@Home - Net Banking Versions Vulnerable: 2.1 and below Vendor: Craft Silicon (www.craftsilicon.com) *********************************************************************** Summary Banking@Home is an home banking application that allows customers to access their account information using the web. The application uses data in a database management system that uses Structured Query Language (SQL) as a data access standard. ********************************************************************** Vulnerability Details The login page of Net Banking is vulnerable to SQL Injection attack, due to a missing input validation mechanisms. An attacker can inject SQL code into the username and password fields, altering the login procedure. There is a classic error based injection, really easy to exploit to take control of the entire server. Authentication bypass is possible using valid username, no password is required, or otherwise the user table can be arbitrary modified. *********************************************************************** Exploit http://www.example.com/document_root/Login.asp?LoginName='Some_SQL_Stuff &Password=&submit=Login *********************************************************************** Solution At the moment of writing this advisory there is no solution yet. I advised Craft Silicon in November 2008 and i actually have received no answer. *********************************************************************** Credits Discovered by Francesco Bianchino.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top