ASPRunner _edit.asp SQL Variable XSS

2004-07-26T07:05:44
ID OSVDB:8255
Type osvdb
Reporter Ferruh Mavituna (ferruh@mavituna.com)
Modified 2004-07-26T07:05:44

Description

Vulnerability Description

ASPRunner contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate SQL variables upon submission to the '[table-name]_edit.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Knowledge of the table name is required to exploit this.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/[TABLE-NAME]_edit.asp?editid=2822&editid2=&editid3=&TargetPageNumber=1&SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eselect+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++order+by+%5Ben%5D+desc&NeedQuoteswordid=False&NeedQuotes=&NeedQuotes=&action=view
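Since no patch or workaround is listed, a log review for this request shape is a practical check. The following is an added example, not part of the original advisory: it assumes IIS W3C extended logs with the cs-uri-stem and cs-uri-query fields, and the function names, the table name "words" and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# A tag opener (<script, </b, <!--) or an attribute breakout ("> or '>).
# SQL comparisons such as [id] < 5 or [id] > 5 match neither branch.
MARKUP_RE = re.compile(r"<[/!]?[a-z]|[\"']>", re.IGNORECASE)


def sql_param_markup(stem, query):
    """Return the decoded SQL parameter if it carries HTML markup, else None."""
    if not stem.lower().endswith("_edit.asp"):
        return None
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "sql":      # ASP parameter names are case-insensitive
            continue
        decoded = unquote_plus(value)  # second decode catches double encoding
        if MARKUP_RE.search(decoded):
            return decoded
    return None


def scan(log_lines):
    """Return [(line_number, decoded_value)] for suspicious requests."""
    hits, fields = [], []
    for n, line in enumerate(log_lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        hit = sql_param_markup(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-"))
        if hit is not None:
            hits.append((n, hit))
    return hits


# Constructed sample log (not real traffic); the table name "words" is hypothetical.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2004-07-26 07:05:44 192.0.2.10 GET /words_edit.asp editid=2822&SQL=select+%5Bword_id%5D+From+%5Bdictionary%5D+where+%5Bword_id%5D+%3E+5&action=view 200",
    "2004-07-26 07:06:02 192.0.2.77 GET /words_edit.asp editid=2822&SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eselect+%5Bword_id%5D&action=view 200",
    "2004-07-26 07:06:30 192.0.2.77 GET /WORDS_EDIT.ASP editid=1&sql=%2522%253E%253Cscript%253E&action=view 200",
    "2004-07-26 07:07:11 192.0.2.10 GET /words_list.asp SQL=%3Cb%3E 200",
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: {value}")
```

The pattern is a heuristic: it reports markup in the SQL parameter of any `*_edit.asp` request and leaves ordinary SQL text, including `<` and `>` comparisons, unflagged.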

References:

Vendor URL: http://www.xlinesoft.com/asprunner/
Security Tracker: 1010777
Secunia Advisory ID: 12164
Related OSVDB ID: 8254
Related OSVDB ID: 8251
Related OSVDB ID: 8256
Related OSVDB ID: 8252
Related OSVDB ID: 8253
Related OSVDB ID: 8257
Other Advisory URL: http://ferruh.mavituna.com/article/?574
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0291.html
ISS X-Force ID: 16801
Bugtraq ID: 10799