Active News Manager Input Validation Hole in 'password' Parameter Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1014057
|
|
SecurityTracker URL: http://securitytracker.com/id?1014057
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 26 2005
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Description: Romty (Morteza Panahi) reported a vulnerability in Active News Manager. A remote user can inject SQL commands.
The 'admin/login.asp' script does not properly validate user-supplied input in the 'password' parameter. A remote user can supply
specially crafted parameter values to execute SQL commands on the underlying database. This can be exploited, for example, to gain
administrative access to the application.
Some demonstration exploit values are provided:
Uername =admin
Password= ' or ''='
The
original advisory is available at:
http://www.under9round.com/anm.txt
|
Impact: A remote user can execute SQL commands on the underlying database.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.dotnetindex.com/activenews.asp (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: sh4wsh4nk <romty.hdd@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 25 May 2005 07:02:45 +0430
From: sh4wsh4nk <romty.hdd@gmail.com>
Subject: Advisory ---Active News Manager login.asp Sqlinjection
|
ADVISORY INFORMATION
--------------------------------------------------------------------------------------------
Software Package : Active News Manager
Vendor Homepage :http://www.dotnetindex.com/
Platforms :Windows Base Server
Vulnerability :Sqlinjection
Risk :High!
Vulnerable Versions :All Version
--------------------------------------------------------------------------------------------
SUMMARY
--------------------------------------------------------------------------------------------
Active News Manager is a Web-based ASP News manage ment system
By using that you can Publishing News or any other news related
information to your website
--------------------------------------------------------------------------------------------
EXPLOIT
--------------------------------------------------------------------------------------------
Uername =admin
Password= ' or ''='
This Is The Login File>>> admin/login.asp
By Using This User And Password You Will Be Taken to Admin Control Panel
--------------------------------------------------------------------------------------------
HOME PAGE
--------------------------------------------------------------------------------------------
Http://www.under9round.com
--------------------------------------------------------------------------------------------
SOLUTION
--------------------------------------------------------------------------------------------
Contact Me At: udnst@yahoo.com
--------------------------------------------------------------------------------------------
GREETINGS
--------------------------------------------------------------------------------------------
Specilas Greetz To My Best Friend Last-Samurai And All Under9round
Digital Security Members
--------------------------------------------------------------------------------------------
CEREDITS
--------------------------------------------------------------------------------------------
Discovered by Romty (Morteza Panahi)
--------------------------------------------------------------------------------------------
REFERENCES
--------------------------------------------------------------------------------------------
http://www.under9round.com/anm.txt
<<<<<<<<<<<<<<<<<<<< UNDER9ROUND
DIGITAL SECURITY TEAM
-- Shawshank Redemption
|
|
