Echo Security Advisory 2005.21

Echo Security Advisory 2005.21: Posted Jun 25, 2005; Authored by Echo Security, the_day | Site theday.echo.or.id; SQL injection and cross site scripting vulnerabilities exist in ActiveBuyAndSell version 6.2.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | c592a6b683d88e7fa532d3f0a9b9ee2e7214b8eb24a5a2409aa74d042cca2d84; Download | Favorite | View

Echo Security Advisory 2005.21

---------------------------------------------------------------------------
[ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 24th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv21-theday-2005.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : ActiveBuyAndSell
version  : 6.2
URL  : http://ActiveWebSoftwares.com
Author : ActiveWebSoftwares
Description :

ActiveBuyAndSell is a Web-based application that connects people selling products 
and services with people looking to buy products and services. Uses MS SQL or 
Access database. Full ASp source code included.
  
---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. SQL Injection:
   
   * http://victim/ebuyandsell/default.asp?catid=[SQL inject]

   * http://victim/ebuyandsell/buyersend.asp?catid=[SQL inject]

   * http://victim/ebuyandsell/admin.asp
     In this pages vulnarable sql injection in form input
  
  POC : 
    Administrator ID :[SQL Inject]
    Password   :blank

  
   * http://victim/ebuyandsell/advertiserstart.asp

  POC :
    E-mail Address  :[SQL inject]
    Password  :blank

   * http://victim/ebuyandsell/buyer.asp

  POC :
    E-mail    :[SQL inject]
    Password  :blank

   * http://victim/ebuyandsell/search.asp

  POC :
    Keyword    :[SQL inject]


B. Xss
  
   * http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=[XSS]&EmailFld=BEmail

  POC :

  http://victim/ebuyandsell/sendpassword.asp?Table=Buyer&Title=<script>alert('test')</script>&EmailFld=BEmail

  * http://victim/ebuyandsell/search.asp

  POC :
    Keyword    : <script>alert('dudul')</script>

   
C. Fix

   Vendor allready contacted but still no response and i can't fix it because
   i can't view source code :lol

---------------------------------------------------------------------------

Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker@yahoogroups.com ,
~ #e-c-h-o@DALNET

---------------------------------------------------------------------------
Contact:
~~~~~~~~

     the_day || echo|staff || the_day[at]echo[dot]or[dot]id
     Homepage: http://theday.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------

Top Authors In Last 30 Days

Red Hat 305 files
Ubuntu 67 files
Debian 23 files
Gentoo 8 files
LiquidWorm 6 files
Apple 5 files
Google Security Research 5 files
Spencer McIntyre 3 files
Ivan Fratric 3 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Echo Security Advisory 2005.21

Echo Security Advisory 2005.21

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Echo Security Advisory 2005.21

Share This

Echo Security Advisory 2005.21

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems