[VIM] Partial source code verify - "RBL - ASP" scripts SQL injection
Steven M. Christey
coley at mitre.org
Wed Jan 31 14:44:54 EST 2007
Researcher: sn0oPy
Ref: BUGTRAQ RBL - ASP (scripts with db) SQL injection
http://www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded
The referenced vendor site was casually examined to try to infer
actual product names. tUrl was examined, but egrep "user|pass"
yielded nothing.
tForum's user_confirm.asp has:
>uId = Request("id")
>
>sql = "select A.* from x_User A Where A.idUser =" & uId & " AND A.sPassword = '" & Request("_pass") & "'"
tpassword's login.asp has:
> iStatus = Check_Login(Request.Form("User"),Request.Form("Password"))
>
>...
>Function Check_Login(sUser, sPass)
> Dim rs, sql
>
> sql = "SELECT * FROM tUser WHERE sCode ='" & sUser & "' AND sPassword='" & sPass & "' "
So looks like at least these two are legit. I didn't look at the
other products.
- Steve
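To make the defect concrete, here is an added example (not from the advisory, the original post, or the products themselves): the Check_Login query quoted from tpassword's login.asp rebuilt in Python over an in-memory SQLite table, once by string concatenation exactly as on the page and once as a parameterized query. The tUser rows, column types and inputs are constructed for the demo; a legitimate username containing an apostrophe is enough to show that the concatenated version hands user input to the SQL parser.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the product's tUser table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tUser (sCode TEXT, sPassword TEXT)")
    conn.executemany("INSERT INTO tUser VALUES (?, ?)",
                     [("alice", "s3cret"), ("o'brien", "pa55")])
    conn.commit()
    return conn


def check_login_concat(conn, s_user, s_pass):
    """Mirrors the vulnerable Check_Login: values spliced straight into SQL."""
    sql = ("SELECT * FROM tUser WHERE sCode ='" + s_user +
           "' AND sPassword='" + s_pass + "' ")
    return conn.execute(sql).fetchone() is not None


def check_login_param(conn, s_user, s_pass):
    """Hardened form: the driver binds the values, so quotes in the input
    are data, never SQL syntax."""
    sql = "SELECT * FROM tUser WHERE sCode = ? AND sPassword = ?"
    return conn.execute(sql, (s_user, s_pass)).fetchone() is not None


def concat_outcome(conn, s_user, s_pass):
    """Run the concatenated query and report ('ok', bool) or ('error', msg).
    A syntax error on a quote-bearing input is the tell-tale that the
    input changed the query's structure, i.e. the script is injectable."""
    try:
        return ("ok", check_login_concat(conn, s_user, s_pass))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    print("param  o'brien:", check_login_param(db, "o'brien", "pa55"))
    print("concat o'brien:", concat_outcome(db, "o'brien", "pa55"))
```

The parameterized version authenticates o'brien normally, while the concatenated one fails with a parse error because the apostrophe closed the string literal early.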