packetstorm | Manuel Lopez | PACKETSTORM:32927
Mar 23, 2004 - 12:00 a.m.

newsmanlite25.txt

packetstormsecurity.com
`#Title: Vulnerabilities in News Manager Lite 2.5 & News Manager Lite   
administration.   
  
#Software: News Manager Lite 2.5 & News Manager Lite administration.  
#Vendor: http://www.expinion.net/software/app_newsmanager.asp  
#Impact: Disclosure of authentication information, Disclosure of user   
information, Execution of arbitrary code via network, Modification of user   
and admin information, User access via network.  
#Underlying OS: Windows NT, Windows 2000, Windows 2003 or Windows XP   
Professional/Server.   
  
  
---- News Manager Lite 2.5 ----   
  
#Vendor Description:   
  
The Expinion News Manager Lite, makes it easy for you to keep your site's   
news up-to-date. You can manage all your news items from an online   
administration, and keep an archive of older news.   
  
#Vulnerabilities:   
  
This software has multiple flaws that let remote users hijack the admin account,   
inject SQL commands, and conduct cross-site scripting attacks.   
  
#Cross Site Scripting#   
  
This product is vulnerable to cross-site scripting, which allows attackers   
to inject HTML and script code into the pages and have it executed in the   
client's browser.   
  
Examples:  
http://[host]/comment_add.asp?ID=3&email=[XSS]  
http://[host]/search.asp?search=[XSS]  
http://[host]/category_news_headline.asp?ID=2&n=[XSS]   
  
#SQL Injection#   
  
A second problem allows an attacker to inject SQL code to manipulate and   
disclose various information from the database.   
  
Examples:  
http://[host]/more.asp?ID='[SQL query]  
http://[host]/category_news.asp?ID='[SQL]  
http://[host]/news_sort.asp?filter='[SQL]   
  
  
---- News Manager Lite administration ----   
  
#Cookie Account Hijack#   
  
This issue can be exploited to gain an administrative account with the   
service.  
You can log in as administrator by modifying the cookie as follows.   
  
Example:  
Cookie: NEWS%5FLOGIN=ADMIN=1&ID=1   
  
#Solution:   
  
Vendor contacted; the vulnerabilities will be addressed very soon.   
  
#Credits:   
  
Manuel López. [email protected]   
`
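
The cookie account hijack above works because the admin check believes fields the client sends. As an added example (not code from the advisory or from the vendor's ASP product), this Python model puts that trusting check beside one that accepts the fields only with a server-computed HMAC; the key, the `SIG` field and all function names are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, unquote

# Constructed server-side secret for this example (assumption); in a real
# deployment it is random and never leaves the server.
SERVER_KEY = b"constructed-example-key"


def parse_news_login(cookie_value):
    """Return the NEWS_LOGIN sub-keys from a Cookie header value as a dict."""
    for part in cookie_value.split(";"):
        name, _, value = part.strip().partition("=")
        if unquote(name) == "NEWS_LOGIN":
            return {k: v[0] for k, v in parse_qs(value).items()}
    return {}


def is_admin_trusting(cookie_value):
    """Model of the flawed check: the client-supplied ADMIN flag is believed."""
    return parse_news_login(cookie_value).get("ADMIN") == "1"


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id, admin):
    """Hardened form: at login the server MACs the fields it sets."""
    payload = f"ADMIN={int(admin)}&ID={user_id}"
    return f"NEWS%5FLOGIN={payload}&SIG={_mac(payload)}"


def is_admin_verified(cookie_value):
    """Accept ADMIN=1 only when the MAC over ADMIN and ID verifies."""
    fields = parse_news_login(cookie_value)
    payload = f"ADMIN={fields.get('ADMIN', '')}&ID={fields.get('ID', '')}"
    # Compare as bytes so a non-ASCII SIG value cannot raise TypeError.
    supplied = fields.get("SIG", "").encode()
    if not hmac.compare_digest(_mac(payload).encode(), supplied):
        return False
    return fields.get("ADMIN") == "1"
```

A signed cookie still replays if it is stolen; keeping the admin flag in server-side session state avoids sending it to the client at all.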