ScriptMate User Manager Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Command Injection
SecurityTracker Alert ID: 1017384|
SecurityTracker URL: http://securitytracker.com/id/1017384
CVE-2006-6582, CVE-2006-6583, CVE-2006-6594, CVE-2006-6595
(Links to External Site)
Updated: May 22 2008|
Original Entry Date: Dec 14 2006
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network|
Exploit Included: Yes |
Version(s): 2.1 and prior versions|
HackersCenter IT Security Team reported a vulnerability in ScriptMate User Manager. A remote user can conduct cross-site scripting attacks. A remote user can inject SQL commands.|
The 'login' action of the '/smusermanager/members/default.asp' script does not properly filter HTML code from user-supplied input in the 'members_username' and 'members_password' fields before displaying the input. A remote user can create a specially crafted POST request that, when submitted by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the ScriptMate User Manager software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Other fields may be affected.
The software also does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
Several scripts in the 'Manage Resources' administration are affected.
The 'mesid' parameter in the '/smusermanager/utilities/usermessages.asp' script in version 2.0 is affected.
The vendor has been notified.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the ScriptMate User Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.|
A remote user can execute SQL commands on the underlying database.
No solution was available at the time of this entry.|
Vendor URL: www.scriptmate.com/products/smumv1/ (Links to External Site)
Input validation error|
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: ScriptMate advisory|
ScriptMate User Manager is a Password Protection and User Management System for any
website running on ASP. It comes with complete source code and can be configured
through a simple config file. ScriptMate User Manager can be completely administered
from a web browser. It comes with a Microsoft Access Database. ScriptMate User Manager
is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently
sanitize user-supplied input data. SQL Injectionions also work. Exploiting these issues
may allow an attacker to execute HTML and script code in the context of the affected
site, to steal cookie-based authentication credentials, or to control the site. The
Logins and Search box are also vul to xss attacks and may leak important data. The
Vendor has been contacted.
This issue affects version 2.1 and older version is vulnerable.
Credit: HackersCenter IT Security Team (http://www.HackersCenter.com/)
Date Found: 12/8/2006
Class: Input Validation Error
XSS: example used "><plaintext>
- input XSS for [user] and [password]
Exploit: Exploit Is not needed.
SQL Hole: (version 2.0)
Version 2.1 is also be vulnerable to sql attack.
Many SQL attacks are posible in the "Manage Resources"
Test The app for free here:
Have a burning question? Go to Yahoo! Answers and get answers from real people who know.