Home page logo
/

bugtraq logo Bugtraq mailing list archives

[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities
From: farhadkey () yahoo com
Date: 25 Oct 2006 08:05:24 -0000

KAPDA New advisory

Vulnerable product : PacPoll <= 4.0
Vendor: http://www.pacosdrivers.com/asp/poll/poll.asp
Vulnerability: Admin Logon bypass , SQL_Injection

Date :
--------------------
Found : 2006/10/10
Vendor Contacted : N/A
Release Date : 2006/10/25

Vulnerabilities:
--------------------
Admin Logon bypass
The vulnerability is caused due to weak authentication mechanisms to restrict access to the admin pages.
This can be exploited to bypass authentication checks by setting the "polllog" cookie parameter to "xx" when accessing 
the page.
Successful exploitations allows access to administrative functions without requiring knowledge of the password, but 
requires that the user has not modified the source code to change the cookie value.
Admin/addpoll.asp , COOKIE : polllog=xx

SQL_Injection
Input passed to the "uid" and "pwd" parameters in 'Admin/check.asp' during login isn't properly sanitised before being 
used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Username : a' or 'a'='a
Password : 1' or '1'='1

Solution:
--------------------
No patch`s released yet by vendor.

Original Advisory:
--------------------
http://www.kapda.ir/advisory-445.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir


  By Date           By Thread  

Current thread:
  • [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities farhadkey (Oct 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault