Common.asp UltraApps Portal vulnerable
Category: Vulnerability Posted: 2005-03-05 by basher13 Views: 533
Update:
3:41 PM 3/5/2005
Subject:
" Common.asp UltraApps Portal vulnerable "
Description:
UltraApps Portal is a great online solution for a Club, Association, Corporation,
Nonprofit or any other company or organization. It combines several online
applications into one easy to use package.
The Portal operates on data that is stored in a central database on the server,
such as MS Access, MySQL, MS SQL, etc.
It can be installed on virtually any web server, whether internal within the
organization or external, hosted by a web hosting company.
A vulnerability was found in common.asp: the database used for administration
is stored in the default install path. This could allow an attacker to fetch
the data source via a web browser and use the username/password to log on
to the website.
A user can download the UA Portal database file (ua_portal.mdb)
with a web browser. Once ua_portal.mdb has been downloaded, it can be opened with MS Access.
The 'Members' table contains the administrator's password. After logging on to the site
with that password, the user has the right to change or modify forums, categories, etc. The 'Members' table
holds the username/password configuration for administration and members.
Demo:
http://[host]/[filename].mdb
Members table:
| member_id | member_first_name | member_last_name | member_login | member_password | member_email |
|---|---|---|---|---|---|
| 126 | Administrator | Administrator | admin | admin | admin@admin.com |
Exploit:
http://[host]/ua_portal.mdb
Solution:
'Sample source common.asp
'Rename the database or change the data source path for security reasons.
'
' Filename: Common.asp
' Generated with CodeCharge 2.0.1
'===============================
' Database Connection Definition
'-------------------------------
' UltraApps Portal Connection begin
Dim cn : Set cn = Server.CreateObject("ADODB.Connection")
'-------------------------------
' Create database connection string, login and password variables
'-------------------------------
Dim strConn, strLogin, strPassword
strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("ua_portal.mdb") & ";Persist Security Info=False"
strLogin = "Admin"
strPassword = ""
'-------------------------------
' See 'ua_portal.mdb' above: change or rename it for security reasons, e.g. change
' Data Source=" & Server.MapPath("ua_portal.mdb") to
' Data Source=" & Server.MapPath("newfolder/newname.mdb")
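An added example, not part of the original advisory or of UltraApps' code: a Python audit of a web root that lists every .mdb file stored where the web server can serve it, together with the ASP pages that open it via Server.MapPath. It shows that the renamed path suggested above still resolves inside the web root; the function names, directory layout and sample files are constructed for illustration.

```python
import re
from pathlib import Path

# Server.MapPath("x.mdb"), as used in the connection string in common.asp
MAPPATH_RE = re.compile(r'Server\.MapPath\(\s*"([^"]+\.mdb)"\s*\)', re.IGNORECASE)

def exposed_databases(web_root):
    """Map each .mdb stored inside web_root (relative path) to the ASP pages
    that open it through Server.MapPath. Anything listed has a URL."""
    root = Path(web_root).resolve()
    # Every .mdb under the web root counts, whether or not a page references it.
    found = {p.relative_to(root).as_posix(): [] for p in root.rglob("*.mdb")}
    for asp in root.rglob("*.asp"):
        for line in asp.read_text(errors="replace").splitlines():
            if line.lstrip().startswith("'"):  # skip VBScript comment lines
                continue
            for m in MAPPATH_RE.finditer(line):
                rel = m.group(1).replace("\\", "/")
                # MapPath: a leading "/" is site-relative, otherwise page-relative
                base = root if rel.startswith("/") else asp.parent
                target = (base / rel.lstrip("/")).resolve()
                if root in target.parents and target.is_file():
                    key = target.relative_to(root).as_posix()
                    found.setdefault(key, []).append(asp.relative_to(root).as_posix())
    return found

def build_sample_site(tmp, data_source_expr, db_relpath):
    """Constructed sample: a web root holding a one-line common.asp, plus a
    placeholder .mdb at db_relpath (relative to the web root)."""
    root = Path(tmp) / "wwwroot"
    root.mkdir()
    (root / "common.asp").write_text(
        'strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & '
        + data_source_expr + ' & ";Persist Security Info=False"\n')
    db = (root / db_relpath).resolve()
    db.parent.mkdir(parents=True, exist_ok=True)
    db.write_bytes(b"constructed placeholder, not a real Access file")
    return root

if __name__ == "__main__":
    import tempfile
    cases = [('Server.MapPath("ua_portal.mdb")', "ua_portal.mdb"),
             ('Server.MapPath("newfolder/newname.mdb")', "newfolder/newname.mdb"),
             ('"D:\\data\\portal.mdb"', "../data/portal.mdb")]  # outside web root
    for expr, path in cases:
        with tempfile.TemporaryDirectory() as tmp:
            print(expr, "->", exposed_databases(build_sample_site(tmp, expr, path)))
```

An empty result means no Access database sits under the web root; anything listed is retrievable by URL unless the server is configured to refuse requests for .mdb files.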
Vendor URL:
http://www.ultraapps.com/
Reported by:
basher13 [at]linuxmail.org
Infamous Group - http://98.to/infamous