Vulnerabilities > CVE-2005-2046 - Unspecified vulnerability in Duware Duamazon PRO 3.0/3.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
duware
nessus
exploit available

Summary

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

Vulnerable Configurations

Part Description Count
Application
Duware
2

Exploit-Db

  • descriptionDUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
    idEDB-ID:25863
    last seen2016-02-03
    modified2005-06-22
    published2005-06-22
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25863/
    titleDUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection
  • descriptionDUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection. CVE-2005-2046. Webapps exploit for php platform
    idEDB-ID:25860
    last seen2016-02-03
    modified2005-06-22
    published2005-06-22
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25860/
    titleDUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection
  • descriptionDUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
    idEDB-ID:25865
    last seen2016-02-03
    modified2005-06-22
    published2005-06-22
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25865/
    titleDUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection
  • descriptionDUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform
    idEDB-ID:25864
    last seen2016-02-03
    modified2005-06-22
    published2005-06-22
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25864/
    titleDUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection

Nessus

NASL familyCGI abuses
NASL idDUAMAZON_SQL_INJECTIONS.NASL
descriptionThe remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen2020-06-01
modified2020-06-02
plugin id18565
published2005-06-28
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18565
titleDUamazon Pro Multiple Scripts SQL Injection
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description) {
  script_id(18565);
  script_version("1.16");

  script_cve_id("CVE-2005-2046");
  script_bugtraq_id(14033);

  script_name(english:"DUamazon Pro Multiple Scripts SQL Injection");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an ASP application that is vulnerable
to multiple SQL injection attacks." );
 script_set_attribute(attribute:"description", value:
"The remote host is running DUamazon Pro, an ASP-based storefront from
DUware for Amazon affiliates. 

The installed version of DUamazon Pro fails to properly sanitize user-
supplied input in several instances before using it in SQL queries. 
By exploiting these flaws, an attacker can affect database queries,
possibly disclosing sensitive data and launching attacks against the
underlying database." );
 script_set_attribute(attribute:"see_also", value:"http://echo.or.id/adv/adv19-theday-2005.txt" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/175" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/28");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/22");
 script_cvs_date("Date: 2018/11/15 20:50:16");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
  summary["english"] = "Checks for multiple SQL injection vulnerabilities in DUamazon Pro";
  script_summary(english:summary["english"]);
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/ASP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80);
if (!can_host_asp(port:port)) exit(0);


# Loop through CGI directories.
foreach dir (cgi_dirs()) {
  # Try to exploit one of the flaws.
  u = string(
      dir, "/shops/sub.asp?",
      "iSub=", SCRIPT_NAME, "'"
    );
  r = http_send_recv3(port:port, method: "GET", item: u);
  if (isnull(r)) exit(0);

  # There's a problem if...
  if (
    # it looks like DUamazon Pro and...
    'href="../css/DUamazonPro.css" rel="stylesheet" ' >< r[2] && 
    # there's a syntax error.
    egrep(string:r[2], pattern:string("Syntax error .+ AND PRO_SUBS.SUB_ID = ", SCRIPT_NAME, "'"))
  ) {
    security_hole(port);
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    exit(0);
  }
}