SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   DUclassified Vendors:   DUware
DUclassified Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1011596
SecurityTracker URL:  http://securitytracker.com/id/1011596
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 11 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  

Description:   Soroush Dalili reported a vulnerability in DUclassified. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.

It is reported that the software does not properly validate user-supplied input. A remote user can supply a specially crafted request to execute SQL commands on the underlying database.

The admin page does not validate the 'user' variable. A remote user can exploit this to be authenticated to the system as an administrator. A demonstration exploit is provided:

http://[URL]/DUclassified/admin/
user= admin' or '1'='1

It is also reported that the 'cat_id' parameter in 'adDetail.asp' is affected. A demonstration exploit is provided:

http://[URL]/DUclassified/adDetail.asp?cat_id=1;[SQL INJECT]&sub_id=1;[SQL INJECT]

It is also reported that the software does not filter HTML code from user-supplied input in messages. A remote user can submit a specially crafted message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the DUclassified software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Impact:   A remote user can inject SQL commands to be executed by the underlying database.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the DUclassified software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.duware.com/products/detail.asp?iPro=19&iCat=9&nCat=Ad%20Management (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DUclassified has some bug for SQL Injection and Css scripting attack


DUclassified is a free Classified Ad Management application. Backend
by Access database, DUclassified can store thousands of classified
ads in category. Each classified ad is displayed with picture, full
detail and description. Visitors can contact the ad's owner via a
form. Ad' owners can manage their ads via a user-friendly panel.
Vendor Url: www.DUware.com


Problem:

1-Sql Injection in admin page:
user can inject sql commands in admin page, for example:
http://[URL]/DUclassified/admin/
user= admin' or '1'='1

2-Sql Injection in ID:
for example you can excute your sql command by this:
http://[URL]/DUclassified/adDetail.asp?cat_id=1;[SQL
INJECT]&sub_id=1;[SQL INJECT]

2-Css Attack
you can send your script with your message and when other want to
read them, it will run in their computer!

Soroush Dalili
my web: http://www.grayhatz.com
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC