[NEWS] VP-ASP Multiple Security Vulnerabilities

From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 27 May 2002 20:12:30 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  VP-ASP Multiple Security Vulnerabilities
------------------------------------------------------------------------

SUMMARY

 <http://www.vpasp.com/> VP-ASP combines ease of use and powerful features
with unlimited customization. Based on feedback from many successful
VP-ASP e-commerce sites, Version 4.0 builds on solid technology but now
expands that technology to an e-commerce system without peer.
Unfortunately, the product has been found to contain multiple security
vulnerabilities.

DETAILS

Path Information Disclosure Vulnerability:
VP-ASP ships with a diagnostic page, shopdbtest.asp, that any visitor can
request. Its output includes the value of xDatabase, which is the physical
path to the shop's database file on the server. Knowing that path removes
the guesswork from fetching the file directly (see the next item).

Insecure permissions on configuration file:
By default the Microsoft Access file that holds both the configuration and
the shop data is named shopping400.mdb (shopping300.mdb in the previous
version) and is left where the web server will serve it, so anyone who
knows or guesses its location can download it with a plain HTTP request.
This is serious because the file contains most, if not all, of the
configuration data together with customer personal details and credit card
numbers, all of which VP-ASP stores unencrypted by default.

Default Credentials and SQL Injection:
The administrative interface ships with the default logins vpasp/vpasp and
admin/admin. Many sites never changed them, so on those sites anyone can log
in through the web interface simply by visiting:

http://[host]/[vpasp dir]/shopadmin.asp

Further, the login form is vulnerable to SQL injection, so the username and
password check can be bypassed even where the defaults were changed, by
entering the following value in both the username and the password field:

'or''='

The form input is concatenated into the authentication query, so the quotes
in the input terminate the intended string literals and the WHERE clause
becomes username=''or''='' AND password=''or''=''. Since ''='' is always
true, the query matches regardless of the credentials actually stored.
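The following script is an added illustration and is not VP-ASP code: it rebuilds the string-concatenated login query the advisory describes (a hypothetical reconstruction, with an in-memory sqlite3 table standing in for the Access .mdb and a constructed admin row), runs the 'or''=' payload against it, and shows the same check done with a parameterized query, which the payload no longer bypasses.

```python
import sqlite3

BYPASS = "'or''='"   # the value from the advisory, entered in both fields


def make_db():
    # Constructed stand-in for the shop's admin table; the Access .mdb is
    # replaced by an in-memory sqlite3 database so the script runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'ChangedFromDefault')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    # Same construction as a classic-ASP login page that pastes Request.Form
    # values straight into the SQL string (hypothetical, not VP-ASP's source).
    return ("SELECT COUNT(*) FROM admins WHERE username='" + username
            + "' AND password='" + password + "'")


def login_vulnerable(conn, username, password):
    # With BYPASS in both fields the clause reads
    #   username=''or''='' AND password=''or''=''
    # and ''='' is true for every row, so the count is never zero.
    sql = build_vulnerable_query(username, password)
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, username, password):
    # Parameterized query: the values travel separately from the SQL text, so
    # quotes in the input can never close the literal or add operators.
    sql = "SELECT COUNT(*) FROM admins WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    conn = make_db()
    return {
        "valid_vuln": login_vulnerable(conn, "admin", "ChangedFromDefault"),
        "bypass_vuln": login_vulnerable(conn, BYPASS, BYPASS),
        "wrong_fixed": login_fixed(conn, "admin", "guess"),
        "valid_fixed": login_fixed(conn, "admin", "ChangedFromDefault"),
        "bypass_fixed": login_fixed(conn, BYPASS, BYPASS),
    }


if __name__ == "__main__":
    print(build_vulnerable_query(BYPASS, BYPASS))
    for name, ok in demo().items():
        print(name, ok)
```

The same separation of data from SQL text is available to classic ASP through ADO command parameters; the essential point is that the fix is structural (never let form input become part of the query text), and that changing the default passwords does not close the injection hole.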

ADDITIONAL INFORMATION

The information has been provided by <mailto:alias404@hotmail.com> hkvrg
thdftghr and <mailto:expert@securiteam.com> SecurITeam Experts.


DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
