Vulnerabilities in Member Management System 2.1

2004-03-24T00:00:00
ID SECURITYVULNS:DOC:5943
Type securityvulns
Reporter Securityvulns
Modified 2004-03-24T00:00:00

Description

Title: Vulnerabilities in Member Management System 2.1

Software: Member Management System 2.1

Vendor: http://www.expinion.net/software/app_mms.asp

Impact: Disclosure of authentication information, Disclosure of user

information, Execution of arbitrary code via network, Modification of user and admin information, User access via network.

Underlying OS: Windows NT, Windows 2000, Windows 2003 or Windows XP

Professional/Server.

Vendor Description:

Quickly secure pages or portions of your web site from unregistered visitors. Easy to integrate security into existing sites! Login to admin to send 'Expiry Notices', upload & download user data, capture member activity, browser & os info, add optional fields, send subscriber newsletters, group & relate people, verify email addresses…

Vulnerabilities:

Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks.

SQL Injection#

A problem of sanitation in resend.asp, news_view.asp, could lead an attacker to inject SQL code to manipulate and disclose information from the database. The same problem is present in administration site in more scripts.

Examples: http://[host]/resend.asp?ID=[SQL query] http://[host]/news_view.asp?ID=[SQL query]

Cross-Site Scripting#

Another problem of sanitation permits an attacker inject a XSS in the register form (register.asp), this will be executed at the administration site permitting the attacker to modify or delete data. Also is possible a XSS attack in error.asp.

Example: http://[host]/error.asp?err=">[XSS] Example to delete a user: In the register form: "><iframe src=http://[host]/admin/user_del.asp?ID=[ID to delete]>

Solution:

Vendor contacted, the vulnerabilities will be addressed very soon. Thanks to Vladimir S. Pekulas. http://www.expinion.net/software/app_mms.asp

Credits:

Manuel López. mantra@gulo.org