CJWSoft ASPGuest Guestbook suffers from a remote SQL injection vulnerability.
Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability
Product : CJWSoft ASPGuest GuestBook
Version : Free Version
Vendor: http://www.cjwsoft.com/aspguest/default.asp
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: 2012-02-24
Updated:
Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Bug Description :
Page 'edit.asp' of CJWSoft ASPGuest GuestBook (Free Version) is vulnerable to a security access control bypass and to SQL injection.
POC:
#-------------------------------------------------------------
1) Security Access Control Bypass
'edit.asp' is the page for editing messages with administrator privileges, but anyone can view it without authentication.
2) SQL Injection
http://victim/guestbook/admin/edit.asp?ID=8 and 1=1
http://victim/guestbook/admin/edit.asp?ID=8 and 1=2
etc...
#-------------------------------------------------------------
Advice:
1) Add a 'Session()' authentication check to 'edit.asp'.
2) Use 'cint()' in 'edit.asp' to convert the ID parameter to an integer type.
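A sketch of how the top of a hardened 'edit.asp' could apply both pieces of advice. This is an added example, not the vendor's code. It goes one step beyond the advice by binding the ID as a typed ADO parameter, and it uses CLng() in place of cint() only so that IDs above 32767 do not overflow. The session key "IsAdmin", the page "login.asp", the Application("GuestbookConnStr") connection string and the table/column names "Messages"/"ID" are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' True only for 1-9 ASCII digits, so CLng() below cannot overflow or raise
' a type-mismatch error on input such as "8 and 1=1".
Function IsSmallInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsSmallInteger = re.Test(s)
End Function

' 1) Authentication gate, failing closed: only a Boolean True stored by the
'    login page passes. "IsAdmin" and "login.asp" are assumed names.
Dim authed
authed = False
If VarType(Session("IsAdmin")) = vbBoolean Then authed = Session("IsAdmin")
If Not authed Then
    Response.Redirect "login.asp"   ' Redirect also stops this page
End If

' 2) Strict type conversion of the ID parameter before it goes near SQL.
Dim rawId, msgId
rawId = Trim(Request.QueryString("ID"))
If Not IsSmallInteger(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
msgId = CLng(rawId)

' 3) Bind the value as a typed parameter instead of concatenating it.
Const adCmdText = 1, adInteger = 3, adParamInput = 1
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("GuestbookConnStr")               ' assumed setting
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM Messages WHERE ID = ?" ' assumed schema
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , msgId)
Set rs = cmd.Execute
' ... render the edit form from rs here ...
%>
```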
Credits : This vulnerability was discovered by demonalex@163.com
mail: demonalex@163.com / ChaoYi.Huang@connect.polyu.hk
Pentester/Researcher
Dark2S Security Team/PolyU.HK