Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

duportal2.txt

🗓️ 01 Jun 2005 00:00:00Reported by Diabolic CrabType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Security Advisory on DUportal vulnerabilit

Code
`This is a multi-part message in MIME format.  
  
------=_NextPart_000_0008_01C545EE.4A553BC0  
Content-Type: text/plain;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
=20  
Dcrab 's Security Advisory  
[Hsc Security Group] http://www.hackerscenter.com/  
[dP Security] http://digitalparadox.org/  
  
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. =  
Learn more at http://www.digitalparadox.org/services.ah  
  
Severity: Very High  
Title: DUportal 3.1.2 and DUportal 3.1.2 SQL have many sql injection=20  
vulnerabilities.  
Date: 20/04/2005  
  
Vendor: DUware  
Vendor Website: http://www.duware.com  
Summary: There are, many sql injections in DUportal 3.1.2 and DUportal=20  
3.1.2 SQL.  
  
Proof of Concept Exploits:=20  
  
http://localhost/test_DUportal/home/../home/channel.asp?iChannel=3D'SQL_I=  
NJECTION&nChannel=3DArticles  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND CAT_CHANNEL =  
=3D=20  
''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_channel.asp, line 44  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D'SQL_INJECTION&iCa=  
t=3D221&iChannel=3D7&nChannel=3DAds  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_detail.asp, line 39  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D136&iCat=3D'SQL_IN=  
JECTION&iChannel=3D7&nChannel=3DAds  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 136 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
  
http://localhost/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT=3D=  
'SQL_INJECTION&DAT_CATEGORY=3D254&CHA_ID=3D15&CHA_NAME=3DPolls&DAT_ID=3D1=  
12  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in =  
query expression 'DAT_ID =3D 'SQL_INJECTION'.  
  
/test_DUportal/includes/inc_poll_voting.asp, line 47  
  
http://localhost/test_DUportal/includes/inc_rating.asp?iChannel=3D8&iCat=3D=  
231&iData=3D'SQL_INJECTION&nChannel=3DProducts&iRate=3D5  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_rating.asp, line 47  
  
http://localhost/test_DUportal/includes/inc_rating.asp?iChannel=3D8&iCat=3D=  
231&iData=3D86&nChannel=3DProducts&iRate=3D'SQL_INJECTION  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_RATED + ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_rating.asp, line 47  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D86&iCat=3D'SQL_INJ=  
ECTION&iChannel=3D8&nChannel=3DProducts  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 86 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
http://localhost/test_DUportal/home/channel.asp?iChannel=3D'SQL_INJECTION=  
  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND CAT_CHANNEL =  
=3D=20  
''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_channel.asp, line 44  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D'SQL_INJECTION&iCa=  
t=3D248&iChannel=3D6&nChannel=3DEvents  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_detail.asp, line 39  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D10&iCat=3D'SQL_INJ=  
ECTION&iChannel=3D1&nChannel=3DNews  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 10 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
  
http://localhost/test_DUportal/home/search.asp?keyword=3Ddcrab&iChannel=3D=  
'SQL_INJECTION  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error in query =  
expression 'DAT_CATEGORY =3D CAT_ID AND CHA_ID =3D CAT_CHANNEL AND =  
CHA_ID =3D=20  
'SQL_INJECTION AND (DAT_NAME LIKE '%dcrab%' OR DAT_DESCRIPTION LIKE =  
'%dcrab%') AND DAT_APPROVED =3D 1 AND CHA_ACTIVE=3D1 AND DAT_EXPIRED >=20  
DATE() AND DAT_PARENT=3D0 ORDER BY CHA_MENU, CAT_NAME, DAT_NAME'.  
  
/test_DUportal/includes/inc_result.asp, line 53  
  
  
http://localhost/test_DUportal/home/type.asp?iCat=3D'SQL_INJECTION&iChann=  
el=3D8&nChannel=3DProducts  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_CATEGORY =3D CAT_ID AND CAT_CHANNEL =  
=3D=20  
CHA_ID AND DAT_APPROVED=3D1 AND CHA_ACTIVE=3D1 AND DAT_EXPIRED > DATE() =  
AND DAT_CATEGORY =3D ''SQL_INJECTION'.=20  
  
/test_DUportal/includes/inc_type.asp, line 41  
  
  
Possible Fixes: The usage of mysql_escape_string(), =  
mysql_real_escape_string() and other functions for input validation =  
before passing=20  
user input to the mysql database, would solve these problems.  
  
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah  
  
Author:=20  
These vulnerabilties have been found and released by Diabolic Crab, =  
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel=20  
free to contact me regarding these vulnerabilities. You can find me at, =  
http://www.hackerscenter.com or http://digitalparadox.org/.=20  
Lookout for my soon to come out book on Secure coding with php.  
  
  
Sincerely,  
Diabolic Crab  
Web Security, Research & Development  
dP Security  
email: [email protected]  
website: http://www.digitalparadox.org=20  
  
This message is confidential. It may also contain information that is=20  
privileged or otherwise legally exempt from disclosure.=20  
If you have received it by mistake please let us know by e-mail=20  
immediately and delete it from your system; should also not copy=20  
the message nor disclose its contents to anyone. Many thanks.  
  
  
------=_NextPart_000_0008_01C545EE.4A553BC0  
Content-Type: text/html;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">  
<HTML><HEAD>  
<META http-equiv=3DContent-Type content=3D"text/html; =  
charset=3Diso-8859-1">  
<META content=3D"MSHTML 6.00.2900.2627" name=3DGENERATOR>  
<STYLE></STYLE>  
</HEAD>  
<BODY bgColor=3D#ffffff><!--StartFragment -->&nbsp;<PRE>Dcrab 's =  
Security Advisory  
[Hsc Security Group] http://www.hackerscenter.com/  
[dP Security] http://digitalparadox.org/  
  
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. =  
Learn more at http://www.digitalparadox.org/services.ah  
  
Severity: Very High  
Title: DUportal 3.1.2 and DUportal 3.1.2 SQL have many sql injection=20  
vulnerabilities.  
Date: 20/04/2005  
  
Vendor: DUware  
Vendor Website: http://www.duware.com  
Summary: There are, many sql injections in DUportal 3.1.2 and DUportal=20  
3.1.2 SQL.  
  
Proof of Concept Exploits:=20  
  
http://localhost/test_DUportal/home/../home/channel.asp?iChannel=3D'SQL_I=  
NJECTION&nChannel=3DArticles  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND CAT_CHANNEL =  
=3D=20  
''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_channel.asp, line 44  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D'SQL_INJECTION&amp=  
;iCat=3D221&iChannel=3D7&nChannel=3DAds  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_detail.asp, line 39  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D136&iCat=3D'SQ=  
L_INJECTION&iChannel=3D7&nChannel=3DAds  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 136 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
  
http://localhost/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT=3D=  
'SQL_INJECTION&DAT_CATEGORY=3D254&CHA_ID=3D15&CHA_NAME=3DPoll=  
s&DAT_ID=3D112  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in =  
query expression 'DAT_ID =3D 'SQL_INJECTION'.  
  
/test_DUportal/includes/inc_poll_voting.asp, line 47  
  
http://localhost/test_DUportal/includes/inc_rating.asp?iChannel=3D8&i=  
Cat=3D231&iData=3D'SQL_INJECTION&nChannel=3DProducts&iRate=3D=  
5  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_rating.asp, line 47  
  
http://localhost/test_DUportal/includes/inc_rating.asp?iChannel=3D8&i=  
Cat=3D231&iData=3D86&nChannel=3DProducts&iRate=3D'SQL_INJECTI=  
ON  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_RATED + ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_rating.asp, line 47  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D86&iCat=3D'SQL=  
_INJECTION&iChannel=3D8&nChannel=3DProducts  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 86 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
http://localhost/test_DUportal/home/channel.asp?iChannel=3D'SQL_INJECTION=  
  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND CAT_CHANNEL =  
=3D=20  
''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_channel.asp, line 44  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D'SQL_INJECTION&amp=  
;iCat=3D248&iChannel=3D6&nChannel=3DEvents  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_ID =3D ''SQL_INJECTION'.  
  
/test_DUportal/includes/inc_detail.asp, line 39  
  
  
http://localhost/test_DUportal/home/detail.asp?iData=3D10&iCat=3D'SQL=  
_INJECTION&iChannel=3D1&nChannel=3DNews  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'CAT_CHANNEL =3D CHA_ID AND DAT_CATEGORY =  
=3D=20  
CAT_ID AND CHA_ACTIVE =3D 1 AND DAT_CATEGORY =3D ''SQL_INJECTION AND =  
DAT_ID <> 10 AND DAT_APPROVED=3D1 AND DAT_EXPIRED > DATE()'.  
  
/test_DUportal/includes/inc_detail_related.asp, line 44  
  
  
http://localhost/test_DUportal/home/search.asp?keyword=3Ddcrab&iChann=  
el=3D'SQL_INJECTION  
SQL INJECTION  
  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error in query =  
expression 'DAT_CATEGORY =3D CAT_ID AND CHA_ID =3D CAT_CHANNEL AND =  
CHA_ID =3D=20  
'SQL_INJECTION AND (DAT_NAME LIKE '%dcrab%' OR DAT_DESCRIPTION LIKE =  
'%dcrab%') AND DAT_APPROVED =3D 1 AND CHA_ACTIVE=3D1 AND DAT_EXPIRED =  
>=20  
DATE() AND DAT_PARENT=3D0 ORDER BY CHA_MENU, CAT_NAME, DAT_NAME'.  
  
/test_DUportal/includes/inc_result.asp, line 53  
  
  
http://localhost/test_DUportal/home/type.asp?iCat=3D'SQL_INJECTION&iC=  
hannel=3D8&nChannel=3DProducts  
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'  
  
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing =  
operator) in query expression 'DAT_CATEGORY =3D CAT_ID AND CAT_CHANNEL =  
=3D=20  
CHA_ID AND DAT_APPROVED=3D1 AND CHA_ACTIVE=3D1 AND DAT_EXPIRED > =  
DATE() AND DAT_CATEGORY =3D ''SQL_INJECTION'.=20  
  
/test_DUportal/includes/inc_type.asp, line 41  
  
  
Possible Fixes: The usage of mysql_escape_string(), =  
mysql_real_escape_string() and other functions for input validation =  
before passing=20  
user input to the mysql database, would solve these problems.  
  
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah  
  
Author:=20  
These vulnerabilties have been found and released by Diabolic Crab, =  
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel=20  
free to contact me regarding these vulnerabilities. You can find me at, =  
http://www.hackerscenter.com or http://digitalparadox.org/.=20  
Lookout for my soon to come out book on Secure coding with php.  
  
</PRE>  
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>Sincerely,<BR>Diabolic Crab<BR>Web =  
Security,&nbsp;=20  
Research & Development<BR>dP Security<BR>email: <A=20  
href=3D"mailto:[email protected]">[email protected]</A><BR>=  
website:=20  
<A =  
href=3D"http://www.digitalparadox.org">http://www.digitalparadox.org</A> =  
  
</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>This message is confidential. It may =  
also contain=20  
information that is <BR>privileged or otherwise legally exempt from =  
disclosure.=20  
<BR>If you have received it by mistake please let us know by e-mail=20  
<BR>immediately and delete it from your system; should also not copy =  
<BR>the=20  
message nor disclose its contents to anyone. Many thanks.</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>  
  
------=_NextPart_000_0008_01C545EE.4A553BC0--  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jun 2005 00:00Current
7.4High risk
Vulners AI Score7.4
sql injectionduportal 3.1.2very high severityduwaredigitalparadoxhackerscenter
20