10 SQL injection vulnerabilities στο ASPPortal

10 SQL injection vulnerabilities στο ASPPortal

Από {Alex}

Περισσότερα από 10 SQL injection vulnerabilities στο ASPPortal
Όσοι από εσάς έχουν εγκαταστήσει το ASPPortal από http://www.aspportal.net κατεβάστε την νέα έκδοση.


CodeScan Labs (www.codescan.com), has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.
During the ongoing testing of CodeScan ASP, ASPPortal v3.00 was selected
as one of the test applications.
This advisory is the result of research into the security of ASPPortal,
based on the report generated by the CodeScan tool.
== Vulnerability Details ==
More than 10 SQL injection vulnerabilities were discovered in the
application that could be exploited by either unauthenticated users,
or from a normal user account.
Most of the SQL calls were done without any sort of filtering such
as is shown in this code snippet;
sql = "SELECT Forums_Reply.Reply_ID, Forums_Reply.Topic_ID,
Forums_Reply.Author,users.Firstname, users.Lastname,
users.Email, users.Signature, users.Active,
Forums_Reply.Reply_Message, Forums_Reply.Enable_Sign,
Forums_Reply.Enable_EMail, Forums_Reply.Date_Added,
Forums_Reply.IsActive FROM Forums_Reply INNER JOIN
users ON Forums_Reply.Author =users.User_id
Where Topic_ID=" & request("topic") & ""
set rs1 = cn.Execute(sql)
The previous code was found to be vulnerable if the following
conditions were met;
request("mail")="ON" &
request("newreply")="Create Reply" &
Over 50 cross site scripting vulnerabilities were discovered throughout
the application. These were either the use of direct output of user
input such as;
or user input displayed using response.write
response.write "details has been sent to "&request("getemail")
== Solutions ==
CodeScan Labs has been in contact with the vendor and a new version
of the software has been released to address a number of the discovered
Users are advised to upgrade to the latest version from

   Πίσω στην προηγούμενη σελίδα