Source: packetstorm | Author: Demonalex | ID: PACKETSTORM:110198
Feb 24, 2012 - 12:00 a.m.

CJWSoft ASPGuest Guestbook SQL Injection

`Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability  
  
Product : CJWSoft ASPGuest GuestBook  
  
Version : Free Version  
  
Vendor: http://www.cjwsoft.com/aspguest/default.asp  
  
Class: Input Validation Error   
  
CVE:  
  
Remote: Yes   
  
Local: No   
  
Published: 2012-02-24  
  
Updated:   
  
Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)  
  
Bug Description :  
Page 'edit.asp' of CJWSoft ASPGuest GuestBook (Free Version) is vulnerable to a security access control bypass and to SQL injection.  
  
POC:  
#-------------------------------------------------------------  
1) Security Access Control Bypass  
Page 'edit.asp' is for editing messages with administrator privileges, but anyone can view it without authentication.  
  
2) SQL Injection  
http://victim/guestbook/admin/edit.asp?ID=8 and 1=1  
http://victim/guestbook/admin/edit.asp?ID=8 and 1=2  
etc...  
#-------------------------------------------------------------  
  
Advice:  
1) Add a 'Session()' authentication check to 'edit.asp'.  
2) Use 'cint()' in 'edit.asp' to convert the ID parameter to an integer.  
  
Credits : This vulnerability was discovered by [email protected]  
mail: [email protected] / [email protected]  
Pentester/Researcher  
Dark2S Security Team/PolyU.HK  
`
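
The two fixes from the Advice section, sketched as an added example in classic ASP (VBScript); this is not the vendor's or the advisory author's code, and the session key, login page, connection string location and table and column names are assumptions. It goes one step beyond `cint()` by also binding the ID as a typed ADO parameter.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not ASPGuest source. Assumed names: Session("IsAdmin"),
' login.asp, Application("ConnStr"), table Messages(ID, Name, Message).
' Pattern the PoC implies (assumed): "... WHERE ID=" & Request("ID")

Const adInteger = 3, adParamInput = 1, adCmdText = 1

' True only for 1-9 ASCII digits, so "8 and 1=1" is rejected outright.
Function IsMessageId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsMessageId = re.Test(s & "")
End Function

' 1) Authentication gate, before any database work.
If Session("IsAdmin") <> True Then
    Response.Redirect "login.asp"
End If

' 2) Validate, then convert. CLng is used instead of CInt because CInt
'    overflows above 32767; either raises an error on non-numeric text.
Dim rawId, msgId, cmd, rs
rawId = Request.QueryString("ID")
If Not IsMessageId(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
msgId = CLng(rawId)

' 3) Bind the value as a typed parameter instead of concatenating it.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Name, Message FROM Messages WHERE ID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , msgId)
Set rs = cmd.Execute

If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    ' Encode stored guestbook text before echoing it into the form.
    Response.Write Server.HTMLEncode(rs("Message") & "")
End If
rs.Close
%>
```

With this in place, both PoC URLs return 400 for an authenticated administrator and redirect to the login page for everyone else, so the true/false response difference the PoC relies on disappears.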