AOH :: HP Unsorted A :: B06-2422.HTM

Alstrasoft web host directory v1.2



AlstraSoft Web Host Directory v1.2
AlstraSoft Web Host Directory v1.2



AlstraSoft Web Host Directory v1.2

Homepage:
http://www.alstrasoft.com/

((It should be noted too that the demo for this script is on a different domain which also sells a WebHost Directory which looks to be the same product/company called HyperStop WebHost Directory 1.2. Both scripts seem to be the same))

Effected files:

Login form of script.
Search form of script.
Review form of script.
------------------------------------------

Exploits & Vulns:

Inserting html codes in the login form such as:

produces the following full path error: Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/username/public_html/ demo/webhost/include/login.php on line 6 --------------------------- URL Injection of the search url reveals SQL Query error: Example: http://www.example.com/demo/webhost/search/?uri=' Unknown column 'p.' in 'where clause' [SELECT COUNT(*) FROM `hsl_plan` p LEFT JOIN `hsl_host` h ON p.hid=h.hid WHERE p.status=1 AND p.``=''] -------------------------- Input data isn't filtered in the write a review box. This in turn can cause a XSS. For proof of concept, just try putting
in as the review text and then login in as the admin and view your review. Reviews have an option to be auto approved too.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.