Penetration Testing mailing list archives

Re: Sql-Injection and XSS on ASP.Net Internal Application


From: André Gil <andregil () di fct unl pt>
Date: Mon, 6 Mar 2006 20:37:08 -0000

Hi.

The error you got has to do with FoxPro missing a right parenthesis on the function name.
So this suggests that the database server is FoxPro.
For this I would suggest for you to test it against buffer overflow. Actually there was a buffer overflow vulnerability on the FoxPro driver and MS released a patch, now the question to ask is if your client has applied the patch. For this google a little and you'll find some useful info.

André

----- Original Message ----- From: "3 shool" <3shool () gmail com>
To: <pen-test () securityfocus com>
Sent: Sunday, March 05, 2006 7:46 PM
Subject: Sql-Injection and XSS on ASP.Net Internal Application


Hi,

We are doing Penetration Testing, inclusive of Web Application
Assessment, for our client's internal application. We have identified
the OS as Windows 2003 server and Web server as IIS 6.0. The server has
ports number 80 and 443 open.

Now when I visit the site I get a login form. I insert a simple sql
injection statement ' OR 1=1-- in username or password field and get
the result below from the server:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Visual FoxPro Driver]Function name is missing ).

/home.asp, line 34

Does this mean that the backend database server is Visual FoxPro? I
was hoping for an MSSQL server listening at the backend.

I also did a simple XSS test on the username field
<script>alert('vulnerable');</script>
and got following:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Visual FoxPro Driver]Command contains unrecognized
phrase/keyword.

/home.asp, line 34

But nothing really popped up. So I don't think it is vulnerable to
XSS. Maybe the error came due to the ' in the statement.

Looking forward to some inputs from SQL Injection champions and anyone
who has some tricks in mind that I can play on this server.

Thanks.
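
Added example, not part of the original post or the tested application: a login check that builds its query by string concatenation and echoes driver errors, next to a parameterized version that returns one generic message, run against the two inputs quoted in the post. Assumptions: SQLite stands in for the Visual FoxPro ODBC backend (so error texts differ, and `--` is a comment in SQLite), and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite is a stand-in for the real backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, name, password):
    """'Before' form: input becomes part of the SQL text, errors reach the client."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing the driver message tells the client which backend is in use.
        return "driver error: %s" % exc
    return "welcome" if row else "invalid login"

def login_param(db, name, password):
    """Hardened form: values are bound as parameters, never parsed as SQL."""
    try:
        row = db.execute(
            "SELECT name FROM users WHERE name = ? AND password = ?",
            (name, password),
        ).fetchone()
    except sqlite3.Error:
        # Record details server-side only; the client sees one generic message.
        return "invalid login"
    return "welcome" if row else "invalid login"

# The two inputs quoted in the post, plus a normal user name.
INPUTS = ["' OR 1=1--", "<script>alert('vulnerable');</script>", "alice"]

def compare(db, password="wrong"):
    """Return (input, concatenated result, parameterized result) per input."""
    return [(i, login_concat(db, i, password), login_param(db, i, password))
            for i in INPUTS]

if __name__ == "__main__":
    for value, before, after in compare(make_db()):
        print("%-40r concat=%-45r param=%r" % (value, before, after))
```

With the concatenated query, the single quotes inside the `<script>` input end the string literal early and produce a syntax error, the same class of failure as the second error in the post; bound parameters treat both inputs as plain data.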
