CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability



Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability

Product : CJWSoft ASPGuest GuestBook

Version : Free Version

Vendor: http://www.cjwsoft.com/aspguest/default.asp

Class: Input Validation Error

CVE:

Remote: Yes

Local: No

Published: 2012-02-24

Updated:

Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)

Bug Description :
The page 'edit.asp' of CJWSoft ASPGuest GuestBook (Free Version) is vulnerable to a security access control bypass and to SQL injection.

POC:
#-------------------------------------------------------------
1) Security Access Control Bypass
'edit.asp' is the page for editing guestbook messages with administrator privileges, but it can be opened by anyone without authentication.

2) SQL Injection
http://victim/guestbook/admin/edit.asp?ID=8 and 1=1
http://victim/guestbook/admin/edit.asp?ID=8 and 1=2
etc...
#-------------------------------------------------------------

Advice:
1) Add a 'Session()'-based authentication check to 'edit.asp'.
2) Use 'cint()' in 'edit.asp' to convert the ID parameter to an integer before it is used.
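The two pieces of advice above, worked into a classic ASP (VBScript) skeleton of a hardened 'edit.asp'. This is an added example, not CJWSoft's code: it assumes the admin login page sets Session("IsAdmin") = True, that the table is named "guestbook" with an integer "ID" column, and that an open ADODB connection named "conn" is provided by an include file. Beyond the advisory's two fixes it also binds the ID as a query parameter, which is defence in depth rather than something the advisory asks for.

```asp
<%
' Added example: hardened edit.asp skeleton (assumptions noted in comments).
Option Explicit

' 1) Authentication gate (fix for the access control bypass):
'    refuse anonymous requests before any data access happens.
'    Assumes login.asp sets Session("IsAdmin") = True on success.
If Session("IsAdmin") <> True Then
    Response.Redirect "login.asp"
    Response.End
End If

' 2) Input validation (fix for the SQL injection):
'    CInt()/CLng() raise a runtime "type mismatch" on input such as
'    "8 and 1=1", so validate the shape first and convert afterwards.
'    IsNumeric() alone accepts "1e3" or "&H10", hence the pattern check.
Dim rawID, id, re
rawID = Request.QueryString("ID")
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawID) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid ID"
    Response.End
End If
' The advisory suggests CInt(); CLng() is used here because CInt()
' overflows above 32767, which a busy guestbook can exceed.
id = CLng(rawID)

' 3) Parameterised query (defence in depth): even a validated integer is
'    bound as a parameter instead of concatenated into the SQL text.
'    Assumes "conn" is an open ADODB.Connection from an include file.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT ID, Name, Message FROM guestbook WHERE ID = ?"
cmd.CommandType = 1                                             ' adCmdText
cmd.Parameters.Append cmd.CreateParameter("ID", 3, 1, , id)    ' adInteger, adParamInput
Set rs = cmd.Execute

If rs.EOF Then
    Response.Write "No such entry"
Else
    ' Encode on output so stored content cannot inject HTML into the admin page.
    Response.Write Server.HTMLEncode(rs("Message"))
End If
rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```

The order matters: the session check runs before any request parameter is read, and the pattern check runs before the numeric conversion, because an unguarded CInt() on a tampered ID value turns the injection attempt into a server-side error page instead of a clean 400 response.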

Credits : This vulnerability was discovered by demonalex@xxxxxxx
mail: demonalex@xxxxxxx / ChaoYi.Huang@xxxxxxxxxxxxxxxx
Pentester/Researcher
Dark2S Security Team/PolyU.HK


