memmansys21.txt

`#Title: Vulnerabilities in Member Management System 2.1   
  
#Software: Member Management System 2.1  
#Vendor: http://www.expinion.net/software/app_mms.asp  
#Impact: Disclosure of authentication information, Disclosure of user   
information, Execution of arbitrary code via network, Modification of user   
and admin information, User access via network.  
#Underlying OS: Windows NT, Windows 2000, Windows 2003 or Windows XP   
Professional/Server.   
  
#Vendor Description:   
  
Quickly secure pages or portions of your web site from unregistered   
visitors. Easy to integrate security into existing sites! Login to admin to   
send 'Expiry Notices', upload & download user data, capture member activity,   
browser & os info, add optional fields, send subscriber newsletters, group &   
relate people, verify email addresses   
  
#Vulnerabilities:   
  
Input Validation Holes Permit SQL Injection and Cross-Site Scripting   
Attacks.   
  
#SQL Injection#   
  
A problem of sanitation in resend.asp, news_view.asp, could lead an attacker   
to inject SQL code to manipulate and disclose information from the database.  
The same problem is present in administration site in more scripts.   
  
Examples:  
http://[host]/resend.asp?ID=[SQL query]  
http://[host]/news_view.asp?ID=[SQL query]   
  
#Cross-Site Scripting#   
  
Another problem of sanitation permits an attacker inject a XSS in the   
register form (register.asp), this will be executed at the administration   
site permitting the attacker to modify or delete data.  
Also is possible a XSS attack in error.asp.   
  
Example:  
http://[host]/error.asp?err=">[XSS]  
Example to delete a user:  
In the register form: "><iframe src=http://[host]/admin/user_del.asp?ID=[ID   
to delete]>   
  
#Solution:   
  
Vendor contacted, the vulnerabilities will be addressed very soon.  
Thanks to Vladimir S. Pekulas.  
http://www.expinion.net/software/app_mms.asp   
  
#Credits:   
  
Manuel López. [email protected]   
`