List: bugtraq
Subject: [ZH2005-13SA] NEXTWEB (i)Site website management multiple
From: Jim Pangalos <dpangalos () linuxmail ! org>
Date: 2005-06-01 15:40:28
Message-ID: 20050601154028.28127.qmail () www ! securityfocus ! com
ZH2005-13SA (security advisory): NEXTWEB (i)Site™ multiple vulnerabilities
Published: 1 June 2005 - GOOD MONTH EVERYBODY ;-)
Released: 1 June 2005
Name: (i)Site™
Affected Versions: ALL
Issue: SQL injections, exception handling, unsafe directories
Author: Trash-80 - dpangalos@zone-h.org
Vendor: http://www.nextweb.gr & http://www.isite.gr
Description
***********
Zone-H Security Team has discovered multiple vulnerabilities in the (i)Site website management system, an expensive web application with high-profile customers. Unsafe directories, SQL injection vulnerabilities, and failures to validate user input and to handle exceptional conditions were found in (i)Site.
Details
*******
1. SQL injection in login.asp
You can bypass the authentication process by sending a crafted username and
password that changes the SQL query built in login.asp, which grants you
access to the (i)Site administration interface.
e.g. www.victim.com/admin/login.asp
username: attacker
password: ' or 'a'='a
2. Databases are not located in a safe directory. Remote scanners used with malicious intent check for unsafe database directories. Locating the databases outside the webroot is a good solution. As it stands, downloading the Users.mdb file discloses the administrator's username and password.
e.g. www.victim.com/databases/Users.mdb
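The check behind item 2, as an added example that is not part of the advisory or of the (i)Site product: given a web server's document root, decide whether a database file would be served over HTTP, and walk the root for any Access files that would be. The directory layout used by demo() is constructed for the example; the webroot and file names are assumptions, not paths taken from the product.

```python
import os
import tempfile


def web_path_for(webroot, file_path):
    """Return the URL path at which file_path would be served if it lies under
    webroot, or None if it sits outside the document root.

    Both paths are resolved with realpath first, so '..' segments and symlinks
    cannot make a file look like it is outside (or inside) the root, and
    commonpath is used instead of a string prefix test so that a sibling such
    as /var/www/site-old does not match /var/www/site.
    """
    root = os.path.realpath(webroot)
    target = os.path.realpath(file_path)
    if os.path.commonpath([root, target]) != root:
        return None
    rel = os.path.relpath(target, root)
    return "/" + rel.replace(os.sep, "/")


def find_exposed_databases(webroot, extensions=(".mdb", ".accdb")):
    """Walk the document root and list the URL path of every database file
    that a plain static-file request could download."""
    exposed = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(extensions):
                exposed.append(web_path_for(webroot, os.path.join(dirpath, name)))
    return sorted(exposed)


def demo():
    """Constructed layout: a throwaway document root with Users.mdb under
    /databases, mirroring the advisory's example URL. Returns the exposed
    database paths found by find_exposed_databases()."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "databases"))
        open(os.path.join(root, "databases", "Users.mdb"), "w").close()
        open(os.path.join(root, "index.asp"), "w").close()
        return find_exposed_databases(root)


if __name__ == "__main__":
    # A database kept outside the root (here via '..') is not reachable.
    print(web_path_for("/var/www/site", "/var/www/site/../data/Users.mdb"))
    print(demo())
```

Moving the .mdb file outside the document root (so that web_path_for() returns None) is the fix the advisory recommends; a web server rule that refuses to serve *.mdb is a weaker second layer, since it depends on configuration that is easy to lose on redeploy.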
3. Failure to handle exceptional conditions and to validate user input. The following request will cause an error 500 for a few minutes.
e.g. www.victim.com/isite/page/*.asp?mu=&cmu='
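The login bypass in item 1 and the unhandled quote in item 3 are two symptoms of the same defect, user input concatenated into a SQL string. The following is an added example, not code from the advisory or from (i)Site: a concatenated login query of the kind the advisory describes, beside a parameterised one, run against a constructed in-memory SQLite table that stands in for Users.mdb. The table schema, the query text and the credentials are assumptions; the product itself is classic ASP over Access, but the quoting rules that make `' or 'a'='a` work are the same.

```python
import sqlite3


def make_db():
    """Constructed stand-in for Users.mdb: one administrator row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Assumed shape of the login.asp query: values pasted into the SQL text.

    With password = ' or 'a'='a the WHERE clause becomes
        username = 'attacker' AND password = '' or 'a'='a'
    and because OR binds more loosely than AND, the row is returned
    regardless of the credentials (item 1). A lone quote leaves the string
    literal unterminated, so the statement fails to parse (item 3).
    """
    sql = ("SELECT username FROM Users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, username, password):
    """Parameterised query: the input is bound as data and can no longer
    change the statement, so both the bypass and the parse error disappear."""
    sql = "SELECT username FROM Users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def attempt(login, conn, username, password):
    """Run one login attempt and report 'granted', 'denied' or the database
    error text, which is what an unhandled exception would leak to the user."""
    try:
        return "granted" if login(conn, username, password) else "denied"
    except sqlite3.Error as exc:
        return "error: " + str(exc)


if __name__ == "__main__":
    conn = make_db()
    for login in (login_vulnerable, login_fixed):
        print(login.__name__)
        print("  bypass   :", attempt(login, conn, "attacker", "' or 'a'='a"))
        print("  bare '   :", attempt(login, conn, "admin", "'"))
        print("  real cred:", attempt(login, conn, "admin", "s3cret"))
```

The parameterised query removes the injection; a separate error handler that logs the database exception and returns a generic page is still needed so that a malformed request does not turn into a 500 with engine details in it.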
Solution:
*********
The vendor was contacted on May 24th.
Since then, the vendor has not replied to a series of e-mails informing him about the vulnerabilities in (i)Site.
Trash-80 from Zone-H Security Labs - dpangalos@zone-h.org - zetalabs@zone-h.org