[NT] ASP Client Check SQL Injection Vulnerability
From: support@securiteam.com
Date: 05/06/02
From: support@securiteam.com To: list@securiteam.com Date: Mon, 6 May 2002 19:19:16 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
ASP Client Check SQL Injection Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.instagib.com/pm/aspcc/default.asp?PollNum=3> ASP Client Check
is a user-authentication "front-end" script. Users enter their Username
and Password in the form and the script calls the database's "users" table
searching for the Username entered. If the submitted Password corresponds
correctly with a valid Username, your custom subroutine is executed. If
the Username or Password is unknown or wrong, users will get a
corresponding response. Cookies (for saving username/passwords) and
logging features are also included. The product has been found to contain
a vulnerability that would allow an attacker to bypass the protection
provided by the product.
DETAILS
Vulnerable systems:
ASP Client Check version 1.5 and prior
Immune systems:
ASP Client Check version 1.6
By inserting malicious SQL code and utilizing a known username, it is
possible for an attacker to gain access to restricted pages.
Example code
This example shows how you can log on as a given user while knowing only
their username:
Username: ' union select username from users where username='Jim
Password: Jim
Vendor response:
The author has been contacted and no response has been received.
ADDITIONAL INFORMATION
The information has been provided by <mailto:derek@sybodek.com> Derek
Hinch.
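
The following is an added example, not part of the original advisory and not ASP Client Check's own code. It assumes the script fetches the stored password by concatenating the submitted username into the query text and then compares the result with the submitted password, which is consistent with the input shown under "Example code"; the sqlite3 database, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Input quoted from the advisory's "Example code" section.
ADVISORY_USERNAME = "' union select username from users where username='Jim"
ADVISORY_PASSWORD = "Jim"

def make_db():
    """In-memory stand-in for the script's database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("Jim", "s3cret-Jim"), ("O'Brien", "s3cret-OB")])
    return db

def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: the form value is pasted into the SQL text."""
    sql = "SELECT password FROM users WHERE username='" + username + "'"
    row = db.execute(sql).fetchone()
    return row is not None and row[0] == password

def login_parameterized(db, username, password):
    """Hardened lookup: the username is a bound value and is never parsed as SQL."""
    row = db.execute("SELECT password FROM users WHERE username=?",
                     (username,)).fetchone()
    return row is not None and row[0] == password

def demo():
    db = make_db()
    results = {
        # The UNION branch returns the username in the password column, so "Jim" matches.
        "concatenated_advisory_input": login_concatenated(db, ADVISORY_USERNAME, ADVISORY_PASSWORD),
        "parameterized_advisory_input": login_parameterized(db, ADVISORY_USERNAME, ADVISORY_PASSWORD),
        "parameterized_real_password": login_parameterized(db, "Jim", "s3cret-Jim"),
        "parameterized_apostrophe_name": login_parameterized(db, "O'Brien", "s3cret-OB"),
    }
    try:
        login_concatenated(db, "O'Brien", "s3cret-OB")
        results["concatenated_apostrophe_name"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate apostrophe in a name breaks the concatenated statement.
        results["concatenated_apostrophe_name"] = "sql error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same bound-parameter approach is available to classic ASP through ADODB.Command parameters.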