Techno Dreams Scripts Vulnerabilities

2005.10.26
Credit: Farhad Koosha
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2005-3386
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[KAPDA::#9]Techno Dreams Scripts Vulnerabilities KAPDA New advisory Vulnerable products : Techno Dreams Announcement Script Techno Dreams Guestbook Script Techno Dreams Mailing List Script Techno Dreams WebDirectory Script Vendor: http://www.t-dreams.com/ Risk: High Vulnerability: Sql injection Date : -------------------- 2005/10/22 About Techno Dreams Scripts -------------------- Techno Dreams Announcement Script If you have a site and want to make a section for Announcements or Recent News, then you might need this script. Techno Dreams Guestbook Script It uses MS Access with ability to be upgraded into SQL. Now, we've added an Admin Area for the script. Techno Dreams Mailing List Script : Let your visitors join your mailing list... and send mass emails to all of this list. Very good but simple ASP script (MS Access but SQL upgradeable). Techno Dreams WebDirectory : Simple yet effect search engine (if we could say about it; since it's look like a web directory). With some advance features like approval, hits, categories, advance search, admin area, what's new, new updated, and what's hot... Vendor`s description : http://www.t-dreams.com/downloads.asp Discussion : ---------------- Several scripts do not properly validate user-supplied input. A remote user can create specially crafted parameter values that will execute SQL commands on the underlying database. Vulnerabilities: -------------------- Sql injection in /admin/login.asp (Announcement - Guestbook - WebDirectory) Sql injection in /login.asp ( Mailing List) at parameter named 'userid'. Attacker can enter SQL command to login as low-level user.(For all products) Proof of Concepts: -------------------- <html> <h1>Techno Dreams Announcement - Guestbook - WebDirectory Script Login-Bypass PoC - Kapda `s advisory </h1> <p> Discovery and exploit by farhadkey [at} kapda.ir</p> <p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p> <form method="POST" action="http://[target]/admin/login.asp"> <input type="hidden" name="userid" value="[SQL Injection]"> <input type="hidden" name="passwd" value="1"> <input type="submit" value="Submit" name="submit"> </form></html> <html> <h1>Techno Dreams Mailing List Script Login-Bypass PoC - Kapda `s advisory </h1> <p> Discovery and exploit by farhadkey [at} kapda.ir</p> <p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p> <form method="POST" action="http://[target]/login.asp"> <input type="hidden" name="userid" value="[SQL Injection}"> <input type="hidden" name="passwd" value="1"> <input type="submit" value="Submit" name="submit"> </form></html> Solution: -------------------- No patch`s released yet by vendor. More Detail: -------------------- http://www.kapda.ir/advisory-103.html Visit Above Link for more details. Credit : -------------------- Farhad Koosha of KAPDA farhadkey [at} kapda.ir Kapda - Security Science Researchers Insitute of Iran http://www.KAPDA.ir (PersianHacker.NET)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top