Vulners
Lucene search
AssetMan 2.5-b - SQL Injection using Session Fixation
============================================================
AssetMan v2.5-b SQL Injection using Session Fixation Attack
============================================================
; ,
,; '.
;: :;
:: ::
:: ::
': :
:. :
;' :: :: '
.' '; ;' '.
:: :; ;: ::
; :;. ,;: ::
:; :;: ,;" ::
::. ':; ..,.; ;:' ,.;:
"'"... '::,::::: ;: .;.;""'
'"""....;:::::;,;.;"""
.:::.....'"':::::::'",...;::::;.
;:' '""'"";.,;:::::;.'"""""" ':;
::' ;::;:::;::.. :;
:: ,;:::::::::::;:.. ::
;' ,;;:;::::::::::::::;";.. ':.
:: ;:" ::::::"""':::::: ": ::
:. :: ::::::; ::::::: : ;
; :: ::::::: ::::::: : ;
' :: ::::::....:::::' ,: '
' :: :::::::::::::" ::
:: ':::::::::"' ::
': """""""' ::
:: ;:
':; ;:"
'; ,;'
"' '"
'
AUTHOR : Neo Anderson & Rohit Bansal
DATE : 19th Sept,2008
Email : [email protected] & [email protected]
#####################################################
# Site : http://www.bctree.com/~assetman
# Bug : SQL Injection using Session Fixation Attack
# File : search_inv.php
# Variable : GET variable 'order_by'
#####################################################
# Impact of Vulnerability:
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.
#####################################################
# Bug explanation - Session Fixation Attack/Meta Tag Exploitation:
By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
#####################################################
# PoC:
http://127.0.0.1/assetman/search_inv.php?action=search_all&order_by=%3Cmeta+http-equiv='Set-cookie'+content='=value'%3E&order=DESC+limit+1,1--
#####################################################
# GreeTz
InfySec , str0ke & EvilFingers
www.infysec.com
www.evilfingers.com
#####################################################
# milw0rm.com [2008-09-18]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Sep 2008 00:00Current
7.4High risk
Vulners AI Score7.4