newsmanlite25.txt

2004-03-23T00:00:00
ID PACKETSTORM:32927
Type packetstorm
Reporter Manuel Lopez
Modified 2004-03-23T00:00:00

Description

                                        
                                            `#Title: Vulnerabilities in News Manager Lite 2.5 & News Manager Lite   
administration.   
  
#Software: News Manager Lite 2.5 & News Manager Lite administration.  
#Vendor: http://www.expinion.net/software/app_newsmanager.asp  
#Impact: Disclosure of authentication information, Disclosure of user   
information, Execution of arbitrary code via network, Modification of user   
and admin information, User access via network.  
#Underlying OS: Windows NT, Windows 2000, Windows 2003 or Windows XP   
Professional/Server.   
  
  
---- News Manager Lite 2.5 ----   
  
#Vendor Description:   
  
The Expinion News Manager Lite, makes it easy for you to keep your site's   
news up-to-date. You can manage all your news items from an online   
administration, and keep an archive of older news.   
  
#Vulnerabilities:   
  
This software has Multiple Flaws That Let Remote Users Hijack Admin Account,   
Inject SQL Commands, and Conduct Cross-Site Scripting Attacks.   
  
#Cross Site Scripting#   
  
This product is vulnerable to the Cross-Site Scripting vulnerability that   
would allow attackers to inject HTML and script codes into the pages and   
execute it on the client's browser.   
  
Examples:  
http://[host]/comment_add.asp?ID=3&email=[XSS]  
http://[host]/search.asp?search=[XSS]  
http://[host]/category_news_headline.asp?ID=2&n=[XSS]   
  
#SQL Injection#   
  
Another problem could lead an attacker to inject SQL code to manipulate and   
disclose various information from the database.   
  
Examples:  
http://[host]/more.asp?ID='[SQL query]  
http://[host]/category_news.asp?ID='[SQL]  
http://[host]/news_sort.asp?filter='[SQL]   
  
  
---- News Manager Lite administration ----   
  
#Cookie Account Hijack#   
  
This issue can be exploited to gain an administrative account with the   
service.  
You can login like administrator modifying the cookie in this "way".   
  
Example:  
Cookie: NEWS%5FLOGIN=ADMIN=1&ID=1   
  
#Solution:   
  
Vendor contacted, the vulnerabilities will be addressed very soon.   
  
#Credits:   
  
Manuel López. mantra@gulo.org   
`