SecurityTracker.com
Category: Application (Security) > Secure Login Manager
Vendors: DMXReady
Secure Login Manager Missing Input Validation Permits Cross-Site Scripting Attacks in Certain Cases
SecurityTracker Alert ID: 1017448
SecurityTracker URL: http://securitytracker.com/id/1017448
CVE Reference: CVE-2006-6815
Updated: May 20 2008
Original Entry Date: Dec 27 2006
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes
Version(s): 1.0
Description: A vulnerability was reported in Secure Login Manager. A remote user can conduct cross-site scripting attacks in certain cases.

Several administrative scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted POST request that, when loaded by an authenticated, target administrative user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Secure Login Manager software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The various parameters in the '/set_preferences.asp', '/send_password_preferences.asp', and '/SecureLoginManager/list.asp' scripts are affected.

Doz from Hackers Center Security Group reported this vulnerability.

[Editor's note: An administrator can conduct cross-site scripting attacks. However, an administrative user already has privileges to view and modify a user's password without conducting any attacks. A remote user can conduct cross-site scripting attacks only if an authenticated administrator can be forced to load the remote user's arbitrary HTTP POST request.]

Impact: In certain limited situations, a remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Secure Login Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.dmxready.com/productdetails.asp?ItemID=17
Cause: Input validation error
Underlying OS: Windows (Any)

Message History: None.


Source Message Contents

Date:  Wed, 27 Dec 2006 17:07:17 +0000
Subject:  Secure Login Manager Multiple Input Validation Vulnerabilities

Secure Login Manager 1.0 is a program where users can access the password-protected webpages on their website. This program avoids unauthorized access by users to the webpage: redirect unauthorized users to the login page, manage users' passwords via the admin page, and configure up to 3 levels of security. Includes an MS Access database (100% customizable in Dreamweaver). An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.


Hackers Center Security Group (http://www.hackerscenter.com)
Doz's Advisory


Risk: Medium to High
Vendor: www.dmxready.com
Class: Input Validation Error


Vulnerable: 1.0

Exploit: Attackers can exploit these issues via a web client.


Remote: SQL
Local: SQL & XSS


(Local-Admin Panel) XSS & SQL

Secure Login Manager 1.0


/set_preferences.asp

/send_password_preferences.asp

/SecureLoginManager/list.asp



(Remote-WebSite) SQL

login.asp SQL pages

/login.asp?sent=[sql]
/content.asp?mid=31&incid=17&sent=[sql]
/members.asp??sent=[sql]

Live Demo: SQL

/applications/SecureLoginManager/inc_secureloginmanager.asp?sent=[SQL]

Copyright 2014, SecurityGlobal.net LLC