Password Protect XSS and SQL-Injection vulnerabilities.

From: Criolabs (securitycriolabs.net)
Date: Mon Aug 30 2004 - 18:16:46 CDT


****************************************************************************************************
                                             CRIOLABS

- Software: Password protect
- Type: User Authentication
- Company: Web Animations
- Date: 30-8-2004

****************************************************************************************************

## Software ##

Software: Password protect
Versions: All
Language: ASP
Platforms: Windows NT, 2000, XP
Web: http://www.webanimations.com.au/

The ultimate protection including unlimited user names and passwords, each checking their individual
IP address. You can add one IP address or include a range for users with various IP addresses
when they log in.

## Affected part ##

- ChangePassword.asp (XSS in ShowMsg, SQL Injection in LoginId and OPass variables)
- index.asp (XSS in ShowMsg)
- index_next.asp (SQL Injection in admin and Pass variables)
- users_list.asp (XSS in ShowMsg variable)
- users_add.asp (XSS in ShowMsg variable, SQL Injection)
- users_edit.asp (XSS, SQL Injection)

## Vulnerabilities ##

        ### SQL Injection ###

        A remote user can use an SQL injection attack to log in as admin or manipulate the database.
        index_next.asp, ChangePassword.asp, users_edit.asp and users_add.asp are affected.

        Example:

        /adminSection/index_next.asp?admin=(SQLInjection)&Pass=(SQLInjection)

        /adminSection/ChangePassword.asp?LoginId=(SQLInjection)&OPass=(SQLInjection)&NPass=(SQLInjection)&CPass=(SQLInjection)


        ### Cross-site Scripting ###

        This software does not filter HTML code from user-supplied input in some scripts, so the
        ShowMsg parameter is echoed into the page unencoded.

        Example:

        /adminSection/index.asp?ShowMsg=(XSS)
        /adminSection/ChangePassword.asp?ShowMsg=(XSS)
        /adminSection/users_list.asp?ShowMsg=(XSS)
        /adminSection/users_add.asp?ShowMsg=(XSS)

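        As an added illustration of the two bug classes above (not part of the original advisory and not the vendor's code, which Criolabs did not publish): a classic-ASP login check in the style of index_next.asp and a ShowMsg echo in the style of index.asp, each shown as the string-building pattern that causes the problem and as a hardened form. The field names admin, Pass and ShowMsg come from the advisory; the table tblUsers, the Application("ConnString") setting and the page layout are assumptions.

```vbscript
<%
' Added example, not the vendor's code: the two patterns behind this advisory,
' each beside a hardened form. Assumed: table tblUsers, Application("ConnString").
Option Explicit

' --- 1. SQL injection: login check in an index_next.asp-style script ---------
Dim adminName, adminPass, cn, cmd, rs
adminName = Request.Form("admin")
adminPass = Request.Form("Pass")

' Vulnerable pattern (kept as a comment): untrusted text is spliced into SQL,
' so quote characters in admin or Pass change the query itself.
'   sql = "SELECT * FROM tblUsers WHERE LoginId='" & adminName & _
'         "' AND Password='" & adminPass & "'"

' Hardened: bound input sizes, then bind the values as parameters so the
' database driver receives them as data, never as SQL text (only the binding
' changes here; how the stored password is compared is left as the app has it).
If Len(adminName) = 0 Or Len(adminName) > 64 Or Len(adminPass) > 128 Then
    Response.Redirect "index.asp?ShowMsg=" & Server.URLEncode("Login failed")
End If

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open Application("ConnString")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = 1          ' adCmdText
cmd.CommandText = "SELECT UserId FROM tblUsers WHERE LoginId = ? AND Password = ?"
' CreateParameter(Name, Type, Direction, Size, Value): 200 = adVarChar, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("LoginId", 200, 1, 64, adminName)
cmd.Parameters.Append cmd.CreateParameter("Password", 200, 1, 128, adminPass)
Set rs = cmd.Execute
If rs.EOF Then
    Response.Redirect "index.asp?ShowMsg=" & Server.URLEncode("Login failed")
End If
Session("UserId") = rs("UserId").Value
rs.Close
cn.Close

' --- 2. Cross-site scripting: echoing ShowMsg back into the page -------------
Dim msg
msg = Request.QueryString("ShowMsg")
' Vulnerable pattern (kept as a comment): the raw query string lands in HTML.
'   Response.Write "<p>" & msg & "</p>"
' Hardened: encode for the HTML context before the text reaches the browser.
If Len(msg) > 0 Then
    Response.Write "<p class=""msg"">" & Server.HTMLEncode(msg) & "</p>"
End If
%>
```

        Server.HTMLEncode covers the HTML-body context only; a message placed inside an attribute or a script block needs the encoding for that context, and keeping the message in the session instead of the query string removes the reflected input altogether.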

## History ##

Vendor contacted: Fri, 06 Aug 2004, no response.

## Credits ##

Criolabs staff
http://www.criolabs.net

Original advisory and proof of concept at http://www.criolabs.net/advisories/passprotect.txt