ASP Nuke comments.asp taskid Variable SQL Injection

2005-04-22T14:25:06
ID OSVDB:15799
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-04-22T14:25:06

Description

Vulnerability Description

ASP Nuke contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'taskid' variable in the comments.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ASP Nuke contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'taskid' variable in the comments.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/module/support/task/comments.asp?taskid='SQL_INJECTION http://[victim]/module/support/task/comments.asp?taskid=Username-- http://[victim]/module/support/task/comments.asp?taskid=Password--

References:

Vendor URL: http://www.aspnuke.com/ Security Tracker: 1013788 Secunia Advisory ID:15066 Related OSVDB ID: 15801 Related OSVDB ID: 15803 Related OSVDB ID: 15800 Related OSVDB ID: 15802 Other Advisory URL: http://www.digitalparadox.org/advisories/aspnuke.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0354.html