21385 : DUware Multiple Products type.asp iType SQL Injection
Printer | http://osvdb.org/21385 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

Dec 02, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple DUware products contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the type.asp script not properly sanitizing user-supplied input to the iType variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

DUware	DUclassified	4.2
	DUdirectory	3.1
	DUamazon	3.1
	DUarticle	1.1
	DUdownload	1.1
	DUnews	1.1
	DUpaypal	3.1
	DUgallery	3.3
	DUdirectory Pro	3.0
	DUpaypal Pro	3.0
	DUdirectory Pro SQL	3.0

References

Bugtraq ID: 15681
Secunia Advisory ID: 17835
CVE ID: 2005-3976 (see also: NVD)
FrSIRT Advisory: ADV-2005-2700
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0026.html
Vendor URL: http://www.duware.com/products/

Tools & Filters

Nessus	20253

Credit

Syst3m_f4ult - Crouz Security Team

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

DUware

DUclassified

DUdirectory

DUamazon

DUarticle

DUdownload

DUnews

DUpaypal

DUgallery

DUdirectory Pro

DUpaypal Pro

DUdirectory Pro SQL

References

Tools & Filters

Credit

Blogs

Comments