gosmart.txt

2004-10-13T00:00:00
ID PACKETSTORM:34633
Type packetstorm
Reporter Positive Technologies
Modified 2004-10-13T00:00:00

Description

                                        
`This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com), an intelligent professional security
scanner. It is able to detect a substantial number of vulnerabilities
that have not yet been published. MaxPatrol's intelligent algorithms are
also capable of detecting many vulnerabilities in custom web scripts (XSS,
SQL and code injections, HTTP response splitting).
  
  
Date: 11.10.04  
  
Severity: Low  
  
  
  
Application: GoSmart Message Board, http://www.gosmart4u.com/forum.aspx  
  
  
  
Platform: ASP  
  
  
  
I. DESCRIPTION  
  
--------------  
  
Multiple vulnerabilities were found in GoSmart Message Board. A remote
user can conduct SQL injection and cross-site scripting attacks.
  
  
  
1. SQL injection (minimal risk, because an Access database is used)
  
  
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1&Category=1  
  
messageboard/Forum.asp?Username=&Category=[SQL CODE HERE]  
  
messageboard/Forum.asp?QuestionNumber=[SQL CODE HERE]&Find=1  
  
messageboard/Forum.asp?Category=[SQL CODE HERE]  
  
POST /messageboard/Login_Exec.asp HTTP/1.1   
Host: www.gosmart4u.com   
Content-Type: application/x-www-form-urlencoded   
Content-Length: 29   
  
Username=[SQL CODE HERE]&Password=1&Login=1   
  
  
POST /messageboard/Login_Exec.asp HTTP/1.1   
Host: www.gosmart4u.com   
Content-Type: application/x-www-form-urlencoded   
Content-Length: 29   
  
Username=1&Password=[SQL CODE HERE]&Login=1  
  
  
2. XSS:  
  
/messageboard/Forum.asp?QuestionNumber=1&Find=1&Category=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22

/messageboard/ReplyToQuestion.asp?MainMessageID=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22
  
  
  
  
II. IMPACT  
  
----------  
  
  
A remote user can access the target user's cookies (including  
authentication cookies).   
  
A remote user can cause SQL commands to be executed by the underlying  
database.  
  
  
  
  
III. SOLUTION  
  
-------------  
Not available currently.  
  
  
  
IV. VENDOR FIX/RESPONSE  
  
-----------------------  
n/a  
  
  
V. CREDIT  
  
-------------  
Positive Technologies (www.ptsecurity.com) is an information security
company focused especially on the development of MaxPatrol, a professional
security scanner.
  
`
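
A defender-side check for the GET parameters listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to Forum.asp and ReplyToQuestion.asp whose QuestionNumber, Category or MainMessageID value is not a plain integer. That these parameters are numeric identifiers, the seven-field log layout and the sample log lines are assumptions made for the example; POST bodies sent to Login_Exec.asp do not appear in access logs and are not covered.

```python
import re
from urllib.parse import parse_qsl

# Parameters named in the advisory, keyed by lower-cased script path.
# Assumption: each is a numeric identifier, as in the advisory's own URLs.
NUMERIC_PARAMS = {
    "/messageboard/forum.asp": {"questionnumber", "category"},
    "/messageboard/replytoquestion.asp": {"mainmessageid"},
}

# Constructed sample in an assumed W3C-style layout (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-10-11 09:14:02 192.0.2.10 GET /messageboard/Forum.asp QuestionNumber=12&Find=1&Category=3 200
2004-10-11 09:14:40 192.0.2.77 GET /messageboard/Forum.asp QuestionNumber=1&Find=1&Category=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E%3C%22 200
2004-10-11 09:15:05 192.0.2.77 GET /messageboard/ReplyToQuestion.asp MainMessageID=7%27 500
2004-10-11 09:15:30 192.0.2.10 GET /messageboard/Forum.asp Username=&Category=2 200
"""

def suspicious_params(path, query):
    """Return [(name, decoded_value)] for watched parameters that are not integers."""
    expected = NUMERIC_PARAMS.get(path.lower())
    if not expected:
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded payloads are judged on their real content.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in expected and value and not re.fullmatch(r"[0-9]+", value):
            hits.append((name, value))
    return hits

def scan_log(text):
    """Return [(client_ip, path, name, decoded_value)] for every flagged request."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directive lines
        fields = line.split()
        if len(fields) < 7:
            continue  # not in the assumed layout
        ip, path, query = fields[2], fields[4], fields[5]
        for name, value in suspicious_params(path, "" if query == "-" else query):
            findings.append((ip, path, name, value))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```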