[36364] in bugtraq

home help back first fref pref prev next nref lref last post

Password Protect XSS and SQL-Injection vulnerabilities.

daemon@ATHENA.MIT.EDU (Criolabs)
Thu Sep 2 15:48:37 2004

Date: Mon, 30 Aug 2004 19:16:46 -0400
From: Criolabs <security@criolabs.net>
To: bugtraq@securityfocus.com
Message-ID: <66895d255bdcaa9e8716dd128e160bcb@criolabs.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

****************************************************************************************************
                                             CRIOLABS  

- Software:   Password protect   
- Type:       User Authentication
- Company:    Web Animations
- Date:       30-8-2004


****************************************************************************************************


## Software ##

Software:   Password protect     
Versions:   All  
Languaje:   ASP
Plataforms: Win nt, 2000, xp 
Web:        http://www.webanimations.com.au/


The ultimate protection including unlimited user names and passwords each checking their individual
ip address. You can add 1 ip address or include a range for the users with various IP address's 
when they log in.    



## Affected part ## 

- ChangePassword.asp     (XSS in ShowMsg, SQL Injection in LoginId and OPass variables)
- index.asp              (XSS in ShowMsg)
- index_next.asp	 (SQL Injection in admin and Pass variables)
- users_list.asp         (XSS in ShowMsg variable)
- users_add.asp          (XSS in ShowMsg variable, SQL Injection)
- users_edit.asp	 (XSS, SQL Injection)



## Vulnerabilities ##


	### SQL Injection ###

	A remote user can use an sql-injection attack to login as admin or manipulate the database.
	index_next.asp, ChangePassword.asp, users_edit.asp, users_add.asp are affected.
	
	
	Example:
	
	/adminSection/index_next.asp?
	admin = (SQLInjection) Pass = (SQLInjection)  
	
	/adminSection/ChangePassword.asp?
	LoginId=(SQLInjection) OPass=(SQLInjection) NPass=(SQLInjection) CPass=(SQLInjection)	
	


	### Cross-site Scripting ###
	
	This software do not filter HTML code from user-supplied input in some scripts.
	
	
	Example:

	/adminSection/index.asp?ShowMsg=(XSS)
	/adminSection/ChangePassword.asp?ShowMsg=(XSS)
	/adminSection/users_list.asp?ShowMsg=(XSS)
	/adminSection/users_add.asp?ShowMsg=(XSS)	
	



## History ##

Vendor contacted: Fri, 06 Aug 2004, no response. 



## Credits ##

Criolabs staff
http://www.criolabs.net 

Original advisory and proof of concept in http://www.criolabs.net/advisories/passprotect.txt
home help back first fref pref prev next nref lref last post