Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Password Protect XSS and SQL-Injection vulnerabilities.
From: Criolabs <security () criolabs net>
Date: Mon, 30 Aug 2004 19:16:46 -0400
****************************************************************************************************
                                             CRIOLABS  

- Software:   Password protect   
- Type:       User Authentication
- Company:    Web Animations
- Date:       30-8-2004


****************************************************************************************************


## Software ##

Software:   Password protect     
Versions:   All  
Languaje:   ASP
Plataforms: Win nt, 2000, xp 
Web:        http://www.webanimations.com.au/


The ultimate protection including unlimited user names and passwords each checking their individual
ip address. You can add 1 ip address or include a range for the users with various IP address's 
when they log in.    



## Affected part ## 

- ChangePassword.asp     (XSS in ShowMsg, SQL Injection in LoginId and OPass variables)
- index.asp              (XSS in ShowMsg)
- index_next.asp         (SQL Injection in admin and Pass variables)
- users_list.asp         (XSS in ShowMsg variable)
- users_add.asp          (XSS in ShowMsg variable, SQL Injection)
- users_edit.asp         (XSS, SQL Injection)



## Vulnerabilities ##


        ### SQL Injection ###

        A remote user can use an sql-injection attack to login as admin or manipulate the database.
        index_next.asp, ChangePassword.asp, users_edit.asp, users_add.asp are affected.
        
        
        Example:
        
        /adminSection/index_next.asp?
        admin = (SQLInjection) Pass = (SQLInjection)  
        
        /adminSection/ChangePassword.asp?
        LoginId=(SQLInjection) OPass=(SQLInjection) NPass=(SQLInjection) CPass=(SQLInjection)   
        


        ### Cross-site Scripting ###
        
        This software do not filter HTML code from user-supplied input in some scripts.
        
        
        Example:

        /adminSection/index.asp?ShowMsg=(XSS)
        /adminSection/ChangePassword.asp?ShowMsg=(XSS)
        /adminSection/users_list.asp?ShowMsg=(XSS)
        /adminSection/users_add.asp?ShowMsg=(XSS)       
        



## History ##

Vendor contacted: Fri, 06 Aug 2004, no response. 



## Credits ##

Criolabs staff
http://www.criolabs.net 

Original advisory and proof of concept in http://www.criolabs.net/advisories/passprotect.txt

  By Date           By Thread  

Current thread:
  • Password Protect XSS and SQL-Injection vulnerabilities. Criolabs (Sep 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]