ASPapp.com products execute code in multiple scripts
| aspapp-products-execute-code (14041) |  High Risk |
Description:
IntranetApp, PortalApp, and ProjectApp could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in multiple ASP scripts. A remote attacker could inject malicious code into multiple fields and scripts, including the Title and message form fields of the forums.asp script when posting a new message, which will be executed when messages are posted to the Web site. In addition, the submit.asp, which will be executed when the administrator accepts or denies submissions, or the First Name, Last Name or Country fields of the upd_user.asp user form fields, used to update profiles, which will be executed when the affected profile is viewed. An attacker can exploit this vulnerability to execute arbitrary code on the system.
Platforms Affected:
- ASPapp, IntranetApp
- Iatek, PortalApp
- Iatek, ProjectApp
Remedy:
No remedy available as of November 29, 2008.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Thu Dec 18 2003 - 12:47:53 CST , Multiple Vulnerabilities In ASPapp Products at http://archives.neohapsis.com/archives/bugtraq/2003-12/0274.html.
- BID-9250: Multiple ASPapp Portal Vulnerabilities
Reported:
Dec 18, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net