CyberBuild vuln.
###############################################
Vuln. discovered by : r0t
Date: 1 may 2006
vendorlink:www.smartwin.com.au/cyberbuild.htm
affected versions:last
orginal advisory:http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html
###############################################
Vuln. Description:
CyberOffice Warehouse Builder contains a flaw that allows a remote sql
injection attacks.Input passed to the "SessionID" parameter in "login.asp"
and input passed to the "ProductIndex" parameter in "browse0.htm" isn't
properly sanitised before being used in a SQL query. This can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.
examples:
/login.asp?SessionID=[SQL]
/browse0.htm?ProductIndex=[SQL]
examples:
/login.asp?SessionID=[XSS]
/browse0.htm?ProductIndex=[XSS]
/include/result.asp?debug=print&cols=3&lineco
lor=%23AAAAAA&menu=category&body=bodyblue&bol
d=bodyheading&hlcolor=%2388C4FF&bgcolor=%23E
0FFE0&menucolor=%23E0FFE0&hdcolor=%23B0B0B0&
idcolor=%23FFFFFF&header=bodywhite&rowcolor=[XSS]
/include/result.asp?debug=print&cols=3&linec
olor=%23AAAAAA&menu=category&body=bodyblue&b
old=bodyheading&hlcolor=%2388C4FF&bgcolor=%2
3E0FFE0&menucolor=%23E0FFE0&hdcolor=%23B0B0
B0&idcolor=%23FFFFFF&header=bodywhite&rowco
lor=%23E0FFE0&row=bodyblack&label=bodyblue&
heading=[XSS]
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/