Echo Security Advisory 2005.21

Echo Security Advisory 2005.21: Posted Jun 25, 2005; Authored by Echo Security, the_day | Site theday.echo.or.id; SQL injection and cross site scripting vulnerabilities exist in ActiveBuyAndSell version 6.2.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | c592a6b683d88e7fa532d3f0a9b9ee2e7214b8eb24a5a2409aa74d042cca2d84; Download | Favorite | View

Echo Security Advisory 2005.21

---------------------------------------------------------------------------
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 24th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv21-theday-2005.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : ActiveBuyAndSell
version  : 6.2
URL  : http://ActiveWebSoftwares.com
Author : ActiveWebSoftwares
Description :

ActiveBuyAndSell is a Web-based application that connects people selling products 
and services with people looking to buy products and services. Uses MS SQL or 
Access database. Full ASp source code included.
  
---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. SQL Injection:
   
   * http://victim/ebuyandsell/default.asp?catid=[SQL inject]

   * http://victim/ebuyandsell/buyersend.asp?catid=[SQL inject]

   * http://victim/ebuyandsell/admin.asp
     In this pages vulnarable sql injection in form input
  
  POC : 
    Administrator ID :[SQL Inject]
    Password   :blank

  
   * http://victim/ebuyandsell/advertiserstart.asp

  POC :
    E-mail Address  :[SQL inject]
    Password  :blank

   * http://victim/ebuyandsell/buyer.asp

  POC :
    E-mail    :[SQL inject]
    Password  :blank

   * http://victim/ebuyandsell/search.asp

  POC :
    Keyword    :[SQL inject]


B. Xss
  
   * http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=[XSS]&EmailFld=BEmail

  POC :

  http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=<script>alert('test')</script>&EmailFld=BEmail

  * http://victim/ebuyandsell/search.asp

  POC :
    Keyword    : <script>alert('dudul')</script>

   
C. Fix

   Vendor allready contacted but still no response and i can't fix it because
   i can't view source code :lol

---------------------------------------------------------------------------

Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker@yahoogroups.com ,
~ #e-c-h-o@DALNET

---------------------------------------------------------------------------
Contact:
~~~~~~~~

     the_day || echo|staff || the_day[at]echo[dot]or[dot]id
     Homepage: http://theday.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Echo Security Advisory 2005.21

Echo Security Advisory 2005.21

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Echo Security Advisory 2005.21

Share This

Echo Security Advisory 2005.21

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems