Secunia Security Advisory - Hamid Ebadi has reported two vulnerabilities in ASP Stats Generator, which can be exploited by malicious people to conduct SQL injection attacks and potentially by malicious users to compromise a vulnerable system.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
ASP Stats Generator SQL Injection and Code Injection
SECUNIA ADVISORY ID:
SA20721
VERIFY ADVISORY:
http://secunia.com/advisories/20721/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
SOFTWARE:
ASP Stats Generator 2.x
http://secunia.com/product/10522/
DESCRIPTION:
Hamid Ebadi has reported two vulnerabilities in ASP Stats Generator,
which can be exploited by malicious people to conduct SQL injection
attacks and potentially by malicious users to compromise a vulnerable
system.
1) Input passed to the "order" parameter in pages.asp isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed to the "strAsgSknPageBgColour" parameter in
settings_skin.asp isn't properly sanitised before being stored in the
inc_skin_file.asp file. This can be exploited to inject arbitrary ASP
code.
Successful exploitation requires a valid logon and requires that the
inc_skin_file.asp file is stored in a web accessible folder that
allows script execution.
The vulnerabilities have been reported in version 2.1.1. Prior
versions may also be affected.
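Both issues come down to request input reaching a place that can only be secured by an allow-list: a column name in ORDER BY cannot be bound as a query parameter, and a value written into an .asp include file cannot be "escaped" for the ASP parser. The following is an added example, not code from ASP Stats Generator or from the advisory; it is written in JavaScript (classic ASP also runs JScript server-side), and the column list and the include-file line format are assumptions, since the advisory names neither.

```javascript
// Added example: allow-list validation for the two parameter classes the
// advisory describes. Nothing here is taken from ASP Stats Generator.

// Hypothetical mapping of request values to real column names. Only the
// right-hand side ever reaches the SQL text, so the request value itself
// never becomes part of the query.
const ORDERABLE_COLUMNS = {
  page: "PageName",
  hits: "HitCount",
  last: "LastVisit",
};

// Returns a safe "ORDER BY <column> <ASC|DESC>" fragment for pages.asp, or
// null when the "order" parameter is not on the allow-list. Accepted shapes
// are "<key>" or "<key>_asc" / "<key>_desc"; anything else is rejected whole.
function buildOrderBy(orderParam) {
  if (typeof orderParam !== "string") return null;
  const m = /^([a-z]+)(?:_(asc|desc))?$/i.exec(orderParam.trim());
  if (!m) return null;
  const column = ORDERABLE_COLUMNS[m[1].toLowerCase()];
  if (!column) return null;
  const direction = (m[2] || "asc").toUpperCase();
  return `ORDER BY ${column} ${direction}`;
}

// A skin colour that is persisted into inc_skin_file.asp must never carry
// anything the ASP parser could interpret. Accepting only #RRGGBB excludes
// "<%", quotes and every other delimiter by construction, instead of trying
// to strip them out afterwards. Returns the normalised colour or null.
function validateHexColour(value) {
  if (typeof value !== "string") return null;
  const m = /^#([0-9a-f]{6})$/i.exec(value.trim());
  return m ? `#${m[1].toLowerCase()}` : null;
}

// Hypothetical include-file line (the real file format is not in the
// advisory). The point is that the write path refuses unvalidated input
// rather than relying on the caller to have checked it.
function skinColourLine(value) {
  const colour = validateHexColour(value);
  if (colour === null) throw new Error("rejected skin colour value");
  return `<% strAsgSknPageBgColour = "${colour}" %>`;
}
```

If the application also needs named colours such as "white", extend validateHexColour with a fixed list of names rather than loosening the pattern.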
SOLUTION:
Update to version 2.1.2.
http://www.weppos.com/asg/en/download.asp
PROVIDED AND/OR DISCOVERED BY:
Hamid Ebadi
ORIGINAL ADVISORY:
http://blog.asp-stats.com/index.php/2006/06/18/asp-stats-generator-v212/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------