Full Disclosure mailing list archives
FactoSystem CMS Contains Multiple Vulnerabilities
From: full-disclosure () lists netsys com (Matthew Murphy)
Date: Fri, 30 Aug 2002 19:37:06 -0500
FactoSystem CMS Contains Multiple Vulnerabilities Impact: Multiple vulnerabilities -- all allowing manipulation of the backend database Risk: High Class: Input Validation Error Affected System: IIS 4.0 or later with ASP enabled and FactoSystem CMS installed Description Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. The problems are in the handling of the query variables "authornumber" (in author.asp), and "discussblurbid" (in discuss.asp), and the form variables "name" and "email" (in holdcomment.asp). An example is below: http://localhost/author.asp?authornumber=1%28%20And%20AuthorTable%2EAuthorID %3DBlurbTable%2EAuthorID%20And%20BlurbTable%2ESub_id%3DSubjectTable%2ESub_id %20Order%20By%20BlurbTable%2EBlurbdate%20desc%2C%20blurbtable%2Eblurbtime%20 desc%3BUPDATE%20user%20SET%20Password%3DPASSWORD%28%27password%27%29%20WHERE %20user%3D%27root%27%3B%20FLUSH%20PRIVILEGES%3B--
Current thread:
- FactoSystem CMS Contains Multiple Vulnerabilities Matthew Murphy (Aug 30)