From: "CorryL" <corryl@sitoverde.com.>
To: <full-disclosure@lists.netsys.com.>
Subject: ASPjar Guestbook login.asp not official patch
Date: Tue, 15 Feb 2005 17:03:23 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
X-Virus-Scanned: antivirus-gw at tyumen.ru
..::x0n3-h4ck.org Italian Security Team::..
ASPjar Guestbook login.asp not official patch
Application: Aspjar Guestbook
Version: 1.0
Bug: Sqj injection
Vendor : not attainable
DETAILS
Supply in the password field ' or ''=', this should allow you to bypass
the authentication process used by ASPjar Guestbook.
Patch:
This is patch created by Expanders from x0n3-h4ck Italian Security Team.
Find in the file admin\login.asp this is string:
strSql ="SELECT * from admin where Name = '" & Request.Form("User") & "' and
password = '" & Request.Form("Password") &"'"
you replace with:
strSql ="SELECT * from admin where Name = '" &
replace(Request.Form("User"),"'","") & "' and password = '" &
replace(Request.Form ("Password"),"'","") &"'"
For Info www.x0n3-h4ck.org
CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
_________________________________
www.seekstat.it is your web stat
