by r0t,der4444,cembo,VietMafia

Monday, May 01, 2006

CyberBuild vuln.

###############################################
Vuln. discovered by : r0t
Date: 1 may 2006
vendorlink:www.smartwin.com.au/cyberbuild.htm
affected versions: latest
###############################################

Vuln. Description:

1. SQL injection.

CyberOffice Warehouse Builder contains a flaw that allows remote SQL injection attacks. Input passed to the "SessionID" parameter in "login.asp" and to the "ProductIndex" parameter in "browse0.htm" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/login.asp?SessionID=[SQL]
/browse0.htm?ProductIndex=[SQL]



2. XSS
The application also contains a flaw that allows remote cross-site scripting attacks. Input passed to the "SessionID" parameter in "login.asp", to the "ProductIndex" parameter in "browse0.htm", and to the "rowcolor" and "heading" parameters in "/include/result.asp" is not properly sanitised before being returned to the user.
This allows an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

examples:

/login.asp?SessionID=[XSS]

/browse0.htm?ProductIndex=[XSS]

/include/result.asp?debug=print&cols=3&linecolor=%23AAAAAA&menu=category&body=bodyblue&bold=bodyheading&hlcolor=%2388C4FF&bgcolor=%23E0FFE0&menucolor=%23E0FFE0&hdcolor=%23B0B0B0&idcolor=%23FFFFFF&header=bodywhite&rowcolor=[XSS]

/include/result.asp?debug=print&cols=3&linecolor=%23AAAAAA&menu=category&body=bodyblue&bold=bodyheading&hlcolor=%2388C4FF&bgcolor=%23E0FFE0&menucolor=%23E0FFE0&hdcolor=%23B0B0B0&idcolor=%23FFFFFF&header=bodywhite&rowcolor=%23E0FFE0&row=bodyblack&label=bodyblue&heading=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
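As an added illustration of the solution above (this is not CyberBuild's or SmartWin's code), the following classic ASP / VBScript fragment shows how the two flaws are closed in the pages named in this advisory: the "SessionID" and "ProductIndex" values are bound as query parameters instead of being concatenated into SQL text, and the "rowcolor" and "heading" values echoed by result.asp are allow-listed and HTML-encoded before being written back. The table and column names (Sessions, UserName), the Application("ConnString") setting and the helper functions are assumptions, since the product's schema and source are not on the page.

```asp
<%
Option Explicit
' Added example, not CyberBuild's code. Schema names and the
' Application("ConnString") setting are assumptions.

' ADO constants normally provided by adovbs.inc
Const adCmdText    = 1
Const adParamInput = 1
Const adVarChar    = 200
Const adInteger    = 3

Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

' --- SQL injection: bind request input as a parameter, never as SQL text ---
' Vulnerable pattern the advisory describes (do not use):
'   sql = "SELECT ... WHERE SessionID='" & Request("SessionID") & "'"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT UserName FROM Sessions WHERE SessionID = ?"
' Length-limited, typed parameter: quotes or comment sequences in the value
' reach the database as data, not as part of the statement.
cmd.Parameters.Append cmd.CreateParameter("SessionID", adVarChar, adParamInput, 64, _
    Left(Request.QueryString("SessionID"), 64))
Set rs = cmd.Execute

' ProductIndex (assumed numeric): reject anything that is not a short digit string
' before it gets near a query, then bind it as an integer.
If Not IsDigits(Request.QueryString("ProductIndex")) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT ProductName FROM Products WHERE ProductIndex = ?"
cmd.Parameters.Append cmd.CreateParameter("ProductIndex", adInteger, adParamInput, , _
    CLng(Request.QueryString("ProductIndex")))
Set rs = cmd.Execute

' --- XSS: result.asp echoes rowcolor/heading into HTML; encode on output ---
Dim rowcolor, heading
rowcolor = Request.QueryString("rowcolor")
heading  = Request.QueryString("heading")

' rowcolor must look like #RRGGBB (allow-list); otherwise fall back to the
' default seen in the sample URL rather than echoing the supplied value.
If Not IsHexColour(rowcolor) Then rowcolor = "#E0FFE0"

' Server.HTMLEncode escapes <, >, & and " so the value cannot break out of
' the attribute or element it is placed in.
Response.Write "<tr bgcolor=""" & Server.HTMLEncode(rowcolor) & """>"
Response.Write "<th>" & Server.HTMLEncode(heading) & "</th></tr>"

' Helper (assumed): 1 to 9 ASCII digits only.
Function IsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsDigits = re.Test(s & "")
End Function

' Helper (assumed): exactly one # followed by six hex digits.
Function IsHexColour(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^#[0-9A-Fa-f]{6}$"
    IsHexColour = re.Test(s & "")
End Function
%>
```

The same two rules apply to every other parameter in the sample URLs (linecolor, bgcolor, menucolor and so on): validate against the expected shape on input, and HTML-encode on output, since a parameter that is safe in a query can still be unsafe when it is echoed into the page.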
More information @ unsecured-systems.com/forum/

1 Comment:

Blogger smartwin technology said...

Fixed on the latest release.

2:22 PM

Copyright (c) 2006 Pridels Sec Crew