SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ScriptMate User Manager
Vendors:   ScriptMate
ScriptMate User Manager Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Command Injection
SecurityTracker Alert ID:  1017384
SecurityTracker URL:  http://securitytracker.com/id/1017384
CVE Reference:   CVE-2006-6582, CVE-2006-6583, CVE-2006-6594, CVE-2006-6595
Updated:  May 22 2008
Original Entry Date:  Dec 14 2006
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.1 and prior versions
Description:   HackersCenter IT Security Team reported a vulnerability in ScriptMate User Manager. A remote user can conduct cross-site scripting attacks. A remote user can inject SQL commands.

The 'login' action of the '/smusermanager/members/default.asp' script does not properly filter HTML code from user-supplied input in the 'members_username' and 'members_password' fields before displaying the input. A remote user can create a specially crafted POST request that, when submitted by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the ScriptMate User Manager software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Other fields may be affected.

The software also does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Several scripts in the 'Manage Resources' administration section are affected.

The 'mesid' parameter in the '/smusermanager/utilities/usermessages.asp' script in version 2.0 is affected.

The vendor has been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the ScriptMate User Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can execute SQL commands on the underlying database.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.scriptmate.com/products/smumv1/
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.
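
With no fix available, one way to watch for the 'mesid' issue described above is to review IIS logs for requests to usermessages.asp whose 'mesid' value is not a plain integer. This is an added example, not part of the advisory or the vendor's code; it assumes W3C extended logging and that a legitimate 'mesid' is a numeric message ID, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Script path from the advisory; compared in lower case because IIS paths are case-insensitive.
TARGET = "/smusermanager/utilities/usermessages.asp"
# Assumption: a legitimate mesid is a short decimal message ID.
NUMERIC_ID = re.compile(r"\d{1,10}")

# Constructed W3C extended log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-12-14 10:00:01 192.0.2.10 GET /smusermanager/utilities/usermessages.asp mesid=12 200
2006-12-14 10:00:07 198.51.100.7 GET /smusermanager/utilities/usermessages.asp mesid=12%27 500
2006-12-14 10:00:09 198.51.100.7 GET /SMUserManager/Utilities/UserMessages.asp MesID=12+or+1%3D1 200
2006-12-14 10:00:11 192.0.2.10 GET /smusermanager/members/default.asp action=login 200
2006-12-14 10:00:15 192.0.2.44 GET /smusermanager/utilities/usermessages.asp - 200
"""


def suspicious_mesid_requests(log_text):
    """Return (date, time, client IP, decoded mesid) for each request to
    usermessages.asp whose mesid value is not a plain decimal integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS writes "-" when there is no query string
            continue
        # parse_qsl percent-decodes, so encoded quotes and spaces are seen as sent.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "mesid" and not NUMERIC_ID.fullmatch(value):
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"), value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_mesid_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

The login-form fields are submitted by POST, so they do not appear in these logs; this check covers only the query-string parameter.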


 Source Message Contents

Subject:  ScriptMate advisory

ScriptMate User Manager is a Password Protection and User Management System for any 
website running on ASP. It comes with complete source code and can be configured 
through a simple config file. ScriptMate User Manager can be completely administered 
from a web browser. It comes with a Microsoft Access Database. ScriptMate User Manager 
is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently 
sanitize user-supplied input data. SQL injections also work. Exploiting these issues 
may allow an attacker to execute HTML and script code in the context of the affected 
site, to steal cookie-based authentication credentials, or to control the site. The 
Logins and Search box are also vulnerable to XSS attacks and may leak important data. The 
Vendor has been contacted.

This issue affects version 2.1, and older versions are vulnerable.

Vendor: www.scriptmate.com

Credit: HackersCenter IT Security Team (http://www.HackersCenter.com/)

Date Found: 12/8/2006

Class: Input Validation Error

Remote: Yes

Local: Yes

XSS: example used "><plaintext>

Login: "/smusermanager/members/default.asp?action=login"

- input XSS for [user] and [password]

Exploit: Exploit is not needed.

SQL Hole: (version 2.0)

"/smusermanager/utilities/usermessages.asp?mesid=[SQL]"

Version 2.1 is also vulnerable to SQL attack.

Many SQL attacks are possible in the "Manage Resources"

Test the app for free here:

http://smum.scriptmate.net/smusermanager/admin/default.asp?action=home


Copyright 2019, SecurityGlobal.net LLC