SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sigma ISP Manager
Vendors:   Atinegar
Sigma ISP Manager Input Validation Flaw in 'sigmaweb.dll' Permits SQL Injection
SecurityTracker Alert ID:  1013979
SecurityTracker URL:  http://securitytracker.com/id/1013979
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 17 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 6.6
Description:   Last Samurai reported a vulnerability in Sigma ISP Manager. A remote user can inject SQL commands.

The '/scripts/sigmaweb.dll' file does not properly validate user-supplied input in the username, password, and domain fields. A remote user can supply a specially crafted 'email' parameter value to execute SQL commands on the underlying database.

A demonstration exploit value is provided:

: /' /'.' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""''':L:L"">:"

The original advisory is available at:

http://www.under9round.com/sigma.txt

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.atinegar.com/sigma.aspx
Cause:   Input validation error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.
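
The cause listed above (field values used in a SQL query without validation) can be reproduced and corrected in a small sketch. This is an added example, not code from the advisory or the vendor: SQLite stands in for the product's unnamed database, and the table, column and function names are hypothetical.

```python
import re
import sqlite3

# Demonstration value quoted in the advisory, used only as test input.
ADVISORY_VALUE = ': /\' /\'.\' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""\'\'\':L:L"">:"'

# Assumed policy for user name and domain fields (not from the vendor).
FIELD_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def valid_field(value):
    """Defence in depth: short values from a restricted character set only."""
    return FIELD_RE.fullmatch(value) is not None


def make_db():
    """Constructed in-memory stand-in for the account table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, domain TEXT)")
    # Plaintext password only to keep the sketch short; store hashes in practice.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret', 'example.net')")
    return db


def login_concat(db, username, password, domain):
    """Vulnerable pattern: field values are pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
           "AND password = '%s' AND domain = '%s'" % (username, password, domain))
    try:
        return "ok" if db.execute(sql).fetchone()[0] else "denied"
    except sqlite3.Error:
        # Quotes in the input changed the structure of the statement.
        return "sql-error"


def login_param(db, username, password, domain):
    """Hardened pattern: values are bound as parameters, never parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = ? "
           "AND password = ? AND domain = ?")
    row = db.execute(sql, (username, password, domain)).fetchone()
    return "ok" if row[0] else "denied"


if __name__ == "__main__":
    db = make_db()
    bad = (ADVISORY_VALUE,) * 3
    print("concatenated:", login_concat(db, *bad))
    print("parameterized:", login_param(db, *bad))
    print("passes field policy:", valid_field(ADVISORY_VALUE))
```

A database error returned to the login page for quote-laden input, as the source message below describes, is the observable sign of the concatenated pattern; with bound parameters the same input is simply a failed login.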


 Source Message Contents

Subject:  sigma isp manager 6.6


<<<<Security Advisory>>>>

Advisory Information
-------------------------
Software Package   : Sigma ISP Manager 6.6 (prior versions are also vulnerable)
Vendor Homepage  : http://www.atinegar.com/sigma.aspx
Platforms               : Windows (Any)
Vulnerability           : Injection
Risk                       : critical!
Vulnerable Versions: All version

Summary
------------
Sigma ISP Manager is a powerful accounting service for ISPs.
It also has a Web interface. It can work with Cisco Routers/Access
servers, Portmasters, Multiport etc. It has a flexible permission
based authorization for admins, each admin is permitted to do a job
only if he has been given related permissions. Its Groups are charging
rules that define how much credit will be consumed by logged on users
based on Time of day.

Exploit
---------
There are some vulns in Sigma ISP Manager 6.6 & prior
versions which can be exploited
by malicious people to conduct
injection attacks.

Input passed to the "User Name,Password & Domain" field in
"/scripts/sigmaweb.dll" isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting codes

this is the login file

http://target/scripts/sigmaweb.dll

username: a very long string of codes and data like

: /' /'.' por //":>>?>>??>+_+_)()((**&^%^%%$#!?><>><><?/?""""''':L:L"">:":.

password: the same as username
Domain: the same as username

By using these SQL attacks you can find the tables of the database
and disclose the critical information. When you insert these codes
the face of the page will be changed,
so when inserting it gives you some errors!

Home page
------------
WWW.UNDER9ROUND.COM

Solution
----------
contact me at Last.Samurai@gmail.com

Greetings
------------
thanks to udnst and all under9round digital security members

Credits
---------
Discovered by last samurai
Last.Samurai@gmail.com

References
-------------
http://www.under9round.com/sigma.txt

-- mehran.sg 
 
 

