Sigma ISP Manager Input Validation Flaw in 'sigmaweb.dll' Permits SQL Injection
SecurityTracker Alert ID: 1013979
SecurityTracker URL: http://securitytracker.com/id/1013979
Date: May 17 2005
Disclosure of system information, Disclosure of user information, User access via network
Exploit Included: Yes
Last Samurai reported a vulnerability in Sigma ISP Manager. A remote user can inject SQL commands.
The '/scripts/sigmaweb.dll' file does not properly validate user-supplied input in the username, password, and domain fields. A remote user can supply a specially crafted 'email' parameter value to execute SQL commands on the underlying database.
A demonstration exploit value is provided:
: /' /'.' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""''':L:L"">:"
The original advisory is available at:
A remote user can execute SQL commands on the underlying database.
No solution was available at the time of this entry.
Vendor URL: www.atinegar.com/sigma.aspx
Input validation error
Underlying OS: Windows (2000), Windows (2003)
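The flaw class described above, shown as an added example that is not part of the advisory or the vendor's code: a login query built by concatenating the three form fields fails with a database error on the advisory's demonstration value (and on an ordinary name containing an apostrophe), while the same query with bound parameters treats both as data. The `accounts` table, its columns, the sample rows and the use of SQLite in place of the product's unnamed database are assumptions.

```python
import sqlite3

# Demonstration value quoted in the advisory, treated here as hostile input.
ADVISORY_VALUE = ': /\' /\'.\' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""\'\'\':L:L"">:"'

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY,"
               " username TEXT, password TEXT, domain TEXT)")
    # Plaintext passwords only keep the sketch short; store salted hashes in practice.
    db.executemany("INSERT INTO accounts (username, password, domain) VALUES (?, ?, ?)",
                   [("alice", "constructed-secret", "example.net"),
                    ("o'neil", "constructed-secret", "example.net")])
    return db

def _run(db, sql, params=()):
    """Return (outcome, database error text or None)."""
    try:
        return ("row" if db.execute(sql, params).fetchone() else "no row", None)
    except sqlite3.Error as exc:
        # A page that echoes this text tells the sender how the query is built.
        return ("error", str(exc))

def login_concatenated(db, username, password, domain):
    """Weak pattern: the three form fields become part of the SQL text."""
    sql = ("SELECT id FROM accounts WHERE username = '" + username +
           "' AND password = '" + password +
           "' AND domain = '" + domain + "'")
    return _run(db, sql)

def login_parameterized(db, username, password, domain):
    """Corrected pattern: fixed SQL text, field values bound as parameters."""
    sql = ("SELECT id FROM accounts"
           " WHERE username = ? AND password = ? AND domain = ?")
    return _run(db, sql, (username, password, domain))

if __name__ == "__main__":
    db = make_db()
    for label, fields in [("advisory value", (ADVISORY_VALUE,) * 3),
                          ("name with apostrophe", ("o'neil", "constructed-secret", "example.net")),
                          ("plain name", ("alice", "constructed-secret", "example.net"))]:
        print(label, "| concatenated:", login_concatenated(db, *fields),
              "| parameterized:", login_parameterized(db, *fields))
```

A database error returned for input that contains only quote characters and punctuation is a practical signal, in testing or in server logs, that a field is being concatenated into SQL text.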
Source Message Contents
Subject: sigma isp manager 6.6
Software Package : Sigma ISP Manager 6.6 (prior versions are also vulnerable)
Vendor Homepage : http://www.atinegar.com/sigma.aspx
Platforms : Windows (Any)
Vulnerability : Injection
Risk : critical!
Vulnerable Versions: All versions
Sigma ISP Manager is a powerful accounting service for ISPs.
It also has a Web interface. It can work with Cisco Routers/Access
servers, Portmasters, Multiport etc. It has a flexible permission
based authorization for admins, each admin is permitted to do a job
only if he has been given related permissions. Its Groups are charging
rules that define how much credit will be consumed by logged on users
based on Time of day.
There are some vulns in Sigma ISP Manager 6.6 & prior
versions which can be exploited
by malicious people to conduct
Input passed to the "User Name,Password & Domain" field in
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting codes
this is the login file
username: a very long string of codes and data like
: /' /'.' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""''':L:L"">:":.
password: the same as username
Domain: the same as username
By using these SQL attacks you can find the tables of the database
and disclose the critical information. When you insert these codes
the face of the page will be changed,
so when inserting it gives you some errors!
contact me at Last.Samurai@gmail.com
thanks to udnst and all under9round digital security members
Discovered by last samurai