Vulnerabilities > CVE-2005-2046 - SQL-Injection vulnerability in Duamazon PRO 3.0/3.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

duware

nessus

exploit available

NVD

Published: 2005-06-22

Updated: 2016-10-18

Summary

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

Vulnerable Configurations

Part	Description	Count
Application	Duware Duware Duamazon PRO 3.0 Duware Duamazon PRO 3.1	2

Exploit-Db

description	DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
id	EDB-ID:25863
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25863/
title	DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection

description	DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection. CVE-2005-2046. Webapps exploit for php platform
id	EDB-ID:25860
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25860/
title	DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection

description	DUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
id	EDB-ID:25865
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25865/
title	DUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection

description	DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
id	EDB-ID:25864
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25864/
title	DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection

Nessus

NASL family	CGI abuses
NASL id	DUAMAZON_SQL_INJECTIONS.NASL
description	The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen	2020-06-01
modified	2020-06-02
plugin id	18565
published	2005-06-28
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18565
title	DUamazon Pro Multiple Scripts SQL Injection
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18565); script_version("1.16"); script_cve_id("CVE-2005-2046"); script_bugtraq_id(14033); script_name(english:"DUamazon Pro Multiple Scripts SQL Injection"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains an ASP application that is vulnerable to multiple SQL injection attacks." ); script_set_attribute(attribute:"description", value: "The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database." ); script_set_attribute(attribute:"see_also", value:"http://echo.or.id/adv/adv19-theday-2005.txt" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/175" ); script_set_attribute(attribute:"solution", value: "Unknown at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/28"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/22"); script_cvs_date("Date: 2018/11/15 20:50:16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); summary["english"] = "Checks for multiple SQL injection vulnerabilities in DUamazon Pro"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/ASP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_asp(port:port)) exit(0); # Loop through CGI directories. foreach dir (cgi_dirs()) { # Try to exploit one of the flaws. u = string( dir, "/shops/sub.asp?", "iSub=", SCRIPT_NAME, "'" ); r = http_send_recv3(port:port, method: "GET", item: u); if (isnull(r)) exit(0); # There's a problem if... if ( # it looks like DUamazon Pro and... 'href="../css/DUamazonPro.css" rel="stylesheet" ' >< r[2] && # there's a syntax error. egrep(string:r[2], pattern:string("Syntax error .+ AND PRO_SUBS.SUB_ID = ", SCRIPT_NAME, "'")) ) { security_hole(port); set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE); exit(0); } }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References