[HSC] ScriptMate User Manager Multiple HTML Injection Vulnerabilities
HSC Research Group - Advisories
Written by Hackers Center   
Thursday, 14 December 2006 09:40
###############################################################

---------------------------- [HSC] HackersCenter IT Security Research Team ---------------------------

###############################################################


ScriptMate User Manager is a password protection and user management system for any website running on ASP. It comes with complete source code and can be configured through a simple config file. ScriptMate User Manager can be completely administered from a web browser. It comes with a Microsoft Access database. ScriptMate User Manager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. SQL injection also works. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control the site. The login and search boxes are also vulnerable to XSS attacks and may leak important data. The vendor has been contacted.

This issue affects version 2.1; older versions are also vulnerable.

Vendor: www.scriptmate.com

Credit: HackersCenter IT Security Team

Date Found: 12/8/2006

Class: Input Validation Error

Remote: Yes

Local: Yes

XSS: example used "><plaintext>

Login: "/smusermanager/members/default.asp?action=login"

- input XSS for [user] and [password]

or


http://www.Example.com/smusermanager/members/default.asp?action=login&url=/smusermanager/admin/Default.asp?=XSS


Exploit: Not needed.

SQL Hole: (version 2.0)

"/smusermanager/utilities/usermessages.asp?mesid=[SQL]"

Version 2.1 is also vulnerable to SQL injection.

Many SQL injection attacks are possible in the "Manage Resources" section.
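The root cause named above for both the HTML injection (login and search fields, the `url` parameter) and the SQL injection (`mesid`, "Manage Resources") is the same: user-supplied values are placed into HTML markup and into SQL text without encoding or parameter binding. The following is an added illustration of the hardened handling, not ScriptMate's code; it uses Python with an in-memory SQLite table standing in for the Access database, and the function names and sample rows are constructed for the example. The `"><plaintext>` string is the probe the advisory cites; the classic ASP equivalents of the two fixes are `Server.HTMLEncode()` and ADO `Command` parameters.

```python
import html
import sqlite3

# Constructed sample inputs. The first is the probe string quoted in the advisory.
XSS_PROBE = '"><plaintext>'
NON_NUMERIC_MESID = "1 OR 1=1"  # constructed, illustrative only


def render_login_error(username: str) -> str:
    """Render a login-failure message that echoes the submitted username.

    The value is HTML-encoded (including quotes) before it is placed into
    markup, so '"', '<' and '>' in the input become literal text instead of
    closing the attribute or opening a new tag. This mirrors what the
    advisory says ScriptMate fails to do for the [user]/[password] fields.
    """
    safe = html.escape(username, quote=True)
    return f'<p>Login failed for user "<b>{safe}</b>".</p>'


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the Access database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usermessages (mesid INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO usermessages VALUES (?, ?)",
        [(1, "first"), (2, "second"), (3, "third")],
    )
    return conn


def fetch_message(conn: sqlite3.Connection, mesid: str):
    """Look up a message by the mesid request parameter.

    The parameter is validated as a plain integer and then bound as a query
    parameter; the SQL text never contains the raw request value, so the
    usermessages.asp?mesid=[SQL] hole described above cannot reopen here.
    Anything that is not a plain integer is rejected and returns no rows.
    """
    if not mesid.isdigit():
        return []
    return conn.execute(
        "SELECT mesid, body FROM usermessages WHERE mesid = ?",
        (int(mesid),),
    ).fetchall()


if __name__ == "__main__":
    print(render_login_error(XSS_PROBE))
    db = setup_db()
    print(fetch_message(db, "2"))
    print(fetch_message(db, NON_NUMERIC_MESID))
```

Encoding on output (rather than stripping characters on input) keeps legitimate usernames intact while making the markup inert; integer validation plus parameter binding is the corresponding fix for every numeric identifier the application reads from the query string.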

Test The app for free here:

http://smum.scriptmate.net/smusermanager/admin/default.asp?action=home
 
