ZH2005-13SA (security advisory): NEXTWEB (i)Site™ multiple vulnerabilities
Published: 1 June 2005 - GOOD MONTH EVERYBODY ;-)
Released: 1 June 2005
Name: (i)Site™
Affected Versions: ALL
Issue: SQL injections, exception handling, unsafe directories
Author: Trash-80 - [email protected]
Vendor: http://www.nextweb.gr & http://www.isite.gr
Description
Zone-H Security Team has discovered multiple vulnerabilities in (i)Site website management system. An
expensive web application with high-profiled customers. Unsafe directories, SQL injection vulnerabilities,
failures to validate user inputs and to handle exceptional conditions were found in (i)Site.
Details
You are able to bypass the authentication process by sending a crafted
username and password that changes the SQL query in login.asp and thus
grants you with access to the administration of (i)Site.
e.g. www.victim.com/admin/login.asp
usename: attacker
password: ' or 'a'='a
e.g www.victim.com/databases/Users.mdb
e.g. www.victim.com/isite/page/*.asp?mu=&cmu='
Solution:
Vendor has been contacted on May 24th.
Since then, vendor did not reply to a series of e-mails informing him about the vulnerabilities in (i)Site.
Trash-80 form Zone-H Security Labs - [email protected] - [email protected]