[VIM] ASP Survey - confusion and provenance

Steven M. Christey coley at linus.mitre.org
Thu Feb 9 12:16:48 EST 2006


On Thu, 9 Feb 2006, security curmudgeon wrote:

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0192
>
> SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows
> remote attackers to execute arbitrary SQL commands via the Password
> parameter. NOTE: the provenance of this information is unknown; the
> details are obtained solely from third party information.
>
> So we have Login_Validate.asp via unknown sources, and login.asp from this
> bugtraq post?

Just yesterday, a CVE analyst was analyzing references to add to this.
He looked at HTML source of the demo site and saw that login.asp called
Login_Validate.asp, so I modified the description accordingly; see below.

- Steve


======================================================
Name: CVE-2006-0192
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0192
Announced: 20060112
Flaw: sql-inject
Reference: BUGTRAQ:20060204 sql injection in ASP Survey
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423949/100/0/threaded
Reference: FRSIRT:ADV-2006-0164
Reference: URL:http://www.frsirt.com/english/advisories/2006/0164
Reference: OSVDB:22342
Reference: URL:http://www.osvdb.org/22342
Reference: SECUNIA:18422
Reference: URL:http://secunia.com/advisories/18422
Reference: XF:aspsurvey-loginvalidate-sql-injection(24087)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24087

SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10
allows remote attackers to execute arbitrary SQL commands via the
Password parameter to login.asp.


Analysis:
ACCURACY: Through html source verification [Heinbockel], the login.asp
page forms use the Login_Validate.asp script.




More information about the VIM mailing list