logo
DATABASE RESOURCES PRICING ABOUT US

SASPCMS Multiple Vulnerabilities

Description

##########################www.BugReport.ir######################################## # # AmnPardaz Security Research Team # # Title: SASPCMS Multiple Vulnerabilities # Vendor: http://www.lgasoft.com # Vulnerable Version: 0.9 (prior versions also may be affected) # Exploitation: Remote with browser # Fix: N/A ################################################################################### #################### - Description: #################### SASPCMS is an ASP Content Management System . SASPCMS witch uses MSSQL & Microsoft Access as backend database. #################### - Vulnerability: #################### +-->Authentication Bypass POC: ' or ''=' http://[URL]/saspcms/admin/default.asp +-->Database Information Disclosure POC: http://[URL]/saspcms/db/menu.mdb +-->Cross Site Scripting (XSS). Reflected XSS attack in "default.asp" in "q" parameter. POC: http://[URL]/saspcms/default.asp?q=<script>alert(document.cookie)</script> #################### - PoC: #################### It's possible for remote attackers to upload arbitrary files by using FCKEditor after login to admin area. http://www.bugreport.ir/64/exploit.htm #################### - Solution: #################### Edit the source code to ensure that inputs are properly sanitized. #################### - Credit: #################### AmnPardaz Security Research & Penetration Testing Group Contact: admin[4t}bugreport{d0t]ir www.BugReport.ir www.AmnPardaz.com