Password Protect users_edit.asp SQL Injection

2004-08-30T18:26:26
ID OSVDB:9377
Type osvdb
Reporter Criolabs Staff (security@criolabs.net)
Modified 2004-08-30T18:26:26

Description

Vulnerability Description

Password Protect contains a flaw that allows an attacker to inject arbitrary SQL code. The users_edit.asp script does not sufficiently validate user input, so an attacker can inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.webanimations.com.au/
Vendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16
Security Tracker: 1011093
Secunia Advisory ID: 12407
Related OSVDB ID: 9371
Related OSVDB ID: 9373
Related OSVDB ID: 9369
Related OSVDB ID: 9374
Related OSVDB ID: 9375
Related OSVDB ID: 9370
Related OSVDB ID: 9372
Related OSVDB ID: 9376
Other Advisory URL: http://www.criolabs.net/advisories/passprotect.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html
CVE-2004-1647