[SA10879] ASP Portal Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Mon Feb 16 2004 - 06:43:29 CST
TITLE:
ASP Portal Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA10879
VERIFY ADVISORY:
http://secunia.com/advisories/10879/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
From remote
SOFTWARE:
ASP Portal
DESCRIPTION:
Manuel López has identified multiple vulnerabilities in ASP Portal,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.
1) Input passed to the "inc", "searchtext", and "article" parameters
in "index.asp" isn't properly verified before it is returned to the
user. This can be exploited to include arbitrary HTML and script
code.
2) Input to the "photograph URL" field in the user profile isn't
properly verified, which can be exploited to include arbitrary script
code.
3) Input passed to the "pageid" and "downloadscat" parameters in
"index.asp" and the value read from the "thenick" parameter in
cookies aren't properly verified before they are used in an SQL query.
This can be exploited to manipulate SQL queries by inserting arbitrary
SQL code.
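Added example (not part of the Secunia advisory or of ASP Portal's code): a log-triage sketch that checks requests to "index.asp" for markup or SQL metacharacters in exactly the parameters and cookie named in items 1 and 3. The tab-separated log layout (URI stem, query string, Cookie header), the sample lines, and the regular-expression heuristics are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Parameters named in the advisory, grouped by the item that lists them.
XSS_PARAMS = {"inc", "searchtext", "article"}   # item 1: echoed back to the user
SQLI_PARAMS = {"pageid", "downloadscat"}        # item 3: query-string values used in SQL
SQLI_COOKIES = {"thenick"}                      # item 3: cookie value used in SQL

# Triage heuristics (assumptions, not from the advisory); expect some false positives.
MARKUP = re.compile(r"[<>\"']|javascript:", re.I)
SQL_META = re.compile(r"['\";=]|--|/\*|\b(union|select)\b", re.I)

# Constructed sample lines: "<uri-stem>\t<uri-query>\t<cookie header>".
SAMPLE = [
    "/index.asp\tinc=newsread&article=91\tthenick=alice",
    "/index.asp\tinc=search&searchtext=%3Cscript%3Ealert(1)%3C%2Fscript%3E\t-",
    "/index.asp\tinc=downloads&downloadscat=3%27+OR+%271%27%3D%271\tthenick=bob",
    "/index.asp\tinc=page&pageid=7\tthenick=x%27%3B--",
    "/default.asp\tsearchtext=%3Cb%3E\t-",
]

def parse_cookies(header):
    """Split a Cookie header into {lowercased name: URL-decoded value}."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name.lower()] = unquote_plus(value)
    return jar

def triage(line):
    """Return sorted (issue, source, name) findings for one log line."""
    stem, query, cookie = (line.rstrip("\n").split("\t") + ["", ""])[:3]
    if not stem.lower().endswith("/index.asp"):
        return []  # the advisory only names index.asp
    findings = set()
    for name, values in parse_qs(query, keep_blank_values=True).items():
        key = name.lower()
        for value in values:  # parse_qs has already URL-decoded the value
            if key in XSS_PARAMS and MARKUP.search(value):
                findings.add(("xss", "query", key))
            if key in SQLI_PARAMS and SQL_META.search(value):
                findings.add(("sqli", "query", key))
    for key, value in parse_cookies(cookie).items():
        if key in SQLI_COOKIES and SQL_META.search(value):
            findings.add(("sqli", "cookie", key))
    return sorted(findings)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry), entry.split("\t")[1])
```

A hit is only a reason to inspect the request; it does not show that the unpatched code was reached.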
SOLUTION:
Apply patch:
http://www.aspportal.net/downloadsviewer.asp?theurl=38
PROVIDED AND/OR DISCOVERED BY:
Manuel López
ORIGINAL ADVISORY:
http://www.aspportal.net/index.asp?inc=newsread&article=91
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------