
INJECTION SQL IN MODULE ASP AND PHP

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Web Interface Mods
Forum Description: Open to all users who wish to share their quarantine web interface modifications
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6949
Printed Date: 18 November 2017 at 8:21pm


Topic: INJECTION SQL IN MODULE ASP AND PHP
Posted By: Thebras
Subject: INJECTION SQL IN MODULE ASP AND PHP
Date Posted: 19 May 2011 at 10:40am
HELLO
You have SQL injections in all your queries

For a Windows server IIS + ASP
the login with ADMINISTRATOR ACCOUNT IS BYPASSABLE

!!
Please learn to develop in php or .net

Thanks for all your clients.


-------------
BIND



Replies:
Posted By: AndrewD
Date Posted: 24 May 2011 at 12:30am
The sample asp and php sites are simple sites that are provided "as is". My updated site that is listed in my signature below is blocking injections to the best of my checking.

If you are aware of any open injections please let me know the relevant page and control and I will fix them.

Thank you for your feedback.


-------------
Spamfilter web interface. www.tyrexpg.com.au

See http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6883


Posted By: Thebras
Date Posted: 26 May 2011 at 11:28am
EDIT :
follow:
http://www.tyrexpg.com.au/Settings.asp?Setting=Domains&A=Edit&U=152&D=-1%20union%20select%201

MySQL][ODBC 3.51 Driver][mysqld-5.0.67-community-nt]The used SELECT statements have a different number of columns

/Settings.asp, line 2698



it's in YOUR application :/
Goto: php is more easy to have an safety application.

Sorry for my English, I'm French
________________

Oh !
It's not about the sample version.
(so the sample has SQL injection on each query) (I had PHP in the title because I see injection in the code.)

In my company we have a full version,

Look the file into the directory SpamfilterWeb :

SpamFilterWeb$ find .
.
./css
./css/styles1.css
./default.asp
./images
./images/cal.gif
./images/double_left.gif
./images/submit_button_org.gif
./images/databoxes_right.gif
./images/right.gif
./images/databoxes_left.gif
./images/down.gif
./images/widget_close_box_dark.gif
./images/spacer.gif
./images/previous.gif
./images/up.gif
./images/next.gif
./images/last.gif
./images/left.gif
./images/expand.gif
./images/banner_logout.gif
./images/double_right.gif
./images/first.gif
./images/collapse.gif
./images/nav_carrot_orange.gif
./README.TXT
./db
./db/alter_tbllogins.sql
./db/create_tbl_logindomains.sql
./db/MySQL-Update-v3.5.3.695.sql
./classicasp
./classicasp/countries.asp
./classicasp/incExchangeDataBoxes.js
./classicasp/SubmitProfile.asp
./classicasp/css
./classicasp/css/styles1.css
./classicasp/sfdb.asp
./classicasp/ListUsers.asp
./classicasp/AssignRandPassword.asp
./classicasp/utils.asp
./classicasp/SubmitLogon.asp
./classicasp/Profile.asp
./classicasp/const.asp
./classicasp/default.asp
./classicasp/spf.asp
./classicasp/adovbs.inc
./classicasp/SubmitSuperUser.asp
./classicasp/incexchangedataboxes.asp
./classicasp/Login.asp
./classicasp/PasswordChange.asp
./classicasp/images
./classicasp/images/cal.gif
./classicasp/images/double_left.gif
./classicasp/images/submit_button_org.gif
./classicasp/images/databoxes_right.gif
./classicasp/images/right.gif
./classicasp/images/databoxes_left.gif
./classicasp/images/down.gif
./classicasp/images/widget_close_box_dark.gif
./classicasp/images/spacer.gif
./classicasp/images/previous.gif
./classicasp/images/up.gif
./classicasp/images/next.gif
./classicasp/images/last.gif
./classicasp/images/left.gif
./classicasp/images/expand.gif
./classicasp/images/banner_logout.gif
./classicasp/images/double_right.gif
./classicasp/images/first.gif
./classicasp/images/collapse.gif
./classicasp/images/nav_carrot_orange.gif
./classicasp/securecheck.asp
./classicasp/logoutdisplay.asp
./classicasp/setpwd.asp
./classicasp/FilterSettings.asp
./classicasp/ForgotPassword.asp
./classicasp/ResolveSpam.asp
./classicasp/ListSpam.asp
./classicasp/GetSetRecordsPerPage.asp
./classicasp/AddNew.asp
./classicasp/cleanup.asp
./classicasp/AssignSuperUser.asp
./classicasp/admin.asp
./classicasp/authenticate.asp
./classicasp/ResetDomainIncludeFirst.asp
./classicasp/logout.asp
./classicasp/black.asp
./classicasp/white.asp


ps "helo" from France



-------------
BIND


Posted By: AndrewD
Date Posted: 26 May 2011 at 9:28pm
Your English is better than my French ;)
 
I see what you are saying with regards to the injection above.
1. This injection only applies after you have a valid logon.
2. I have not yet run through all the post logon pages to sanitize against injection as I am yet to see a user who is internal to a company try to hack/corrupt an application. I know this is not a reason to just forget about sanitization, but I will get to it when I can.
 
As for "Goto: php is more easy to have an safety application."
I really do not want to get into this argument as it has been had a million times on forums on the internet. The bottom line seems to always come back to, they are both brilliant products and have their pros and cons. It really comes down to which is going to be easier for your existing platform and knowledge.
As my background is VB and VBScript, ASP was a very small learning curve for me. I am not a developer, I am a network administrator that can also do some development.
 
"Look the file into the directory SpamfilterWeb : " i am unable to understand what you mean by this. please feel free to explain more.
 
I understand that it may not be appropriate to answer some questions or pass some information as part of an open forum here so feel free to email me with any information that you think I need to know.
 
ps. Hello from Australia
 


-------------
Spamfilter web interface. www.tyrexpg.com.au

See http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6883
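
Added example, not part of the original thread and not code from the SpamFilter web interface: a numeric request value concatenated into a query beside the same lookup with type validation and a bound parameter, run against the D= value quoted in the post above. SQLite stands in for the MySQL/ODBC backend, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domains (id INTEGER PRIMARY KEY, owner_id INTEGER, name TEXT);
        INSERT INTO domains VALUES (1, 152, 'example.test'), (2, 200, 'other.test');
    """)
    return db

def lookup_concatenated(db, owner_id, domain_id):
    # Vulnerable pattern: the request value is pasted into the SQL text, so
    # the database parses whatever the client sent as part of the statement.
    sql = ("SELECT id, name FROM domains WHERE owner_id = " + str(owner_id)
           + " AND id = " + domain_id)
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner_id, domain_id, validate=True):
    # Hardened pattern: check the type, then bind the value as a parameter.
    if validate:
        try:
            domain_id = int(domain_id)
        except (TypeError, ValueError):
            raise ValueError("domain id must be an integer") from None
    sql = "SELECT id, name FROM domains WHERE owner_id = ? AND id = ?"
    return db.execute(sql, (owner_id, domain_id)).fetchall()

def classify(db, func, value):
    # Summarise how a lookup function handles one request value.
    try:
        return ("rows", func(db, 152, value))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))  # input reached the SQL parser
    except ValueError as exc:
        return ("rejected", str(exc))   # stopped before any SQL ran

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "-1 union select 1"):  # second value is the D= from the thread
        for func in (lookup_concatenated, lookup_parameterized):
            print(f"{func.__name__:22} {value!r:22} -> {classify(db, func, value)}")
```

A database error that echoes a parser complaint, like the column-count message quoted in the thread, shows that request input is reaching the SQL text; it belongs in a server-side log, not in the response.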


Posted By: Thebras
Date Posted: 27 May 2011 at 5:07am
Well,

I know all your problems (I understand all your problems as a network administrator.)
but:
Your application is downloadable and usable by all, (Your application can be downloaded and used by anyone, and anyone can read its source code.)
and if the vulnerabilities are known, (And if the security flaws are analysed and discovered)
it's possible for a hacker to escalate privileges and grant. (It will be possible for hackers to escalate privileges and obtain greater access to the target's network.)

To have a valid logon, you just require to have client access.
(To have a valid account, it is enough simply to be a customer of the company and to have a domain to configure on spamfilter.)
Or not: (or not)
http://www.tyrexpg.com.au/emailrep.asp?l=152&d=%2812%20union%20select%201%20--%29&test=screen
this injection, (I did not try to exploit it)
is accessible with no logon..
(this SQL injection is usable, as are many others in other pages, without being logged in to the site.)

If the user of your application uses classic passwords for the mysql/mssql database, it's possible to get root access easily on the server host,
and after: corrupt all the local LAN.
(If the user of this application uses classic credentials for the mssql or mysql database, such as SA / root, it will be possible to obtain root access on the server)

but, I like your spamfilter interface :) (but I do like your interface)

"
"Look the file into the directory SpamfilterWeb : " i am unable to understand what you mean by this. please feel free to explain more.""

it's the file listing of my version of "spamfilter web interface", company edition.
(it is the list of files of the spam filter configuration web interface, which is not merely an example, and is used by customers.)

Regards
:)


-------------
BIND


