########################## www.BugReport.ir #######################################
#
#		AmnPardaz Security Research Team
#
# Title: doITlive CMS <=2.50 Multiple Vulnerabilities
# Vendor: www.doitlive.com
# Vulnerable Version: 2.50 and prior versions
# Exploit: Available
# Impact: High
# Fix: N/A
###################################################################################

####################
1. Description:
####################
	A user-friendly, multi-site dynamic website control system. It includes a Content Management System for dynamic generation and publishing of information on Internet, extranet and intranet sites. doITlive is an ASP-powered, browser-based, multi-site back-end management tool that supports MS Access and MS SQL databases.

####################
2. Vulnerabilities:
####################
	2.1. Injection Flaws. SQL injection in "/default.asp" through the "ID" parameter.
		2.1.1. Exploit:
			Check the exploit/POC section.
	2.2. Injection Flaws. SQL injection in "/edit/default.asp" through cookie parameters, leading to authentication bypass (in the "remember user" section).
		2.2.1. Exploit:
			Check the exploit/POC section.
	2.3. Cross Site Scripting (XSS). Reflected XSS in "/edit/showmedia.asp" through the "File" parameter.
		2.3.1. Exploit:
			Check the exploit/POC section.
####################
3. Exploits/POCs:
####################
	Original Exploit URL: http://bugreport.ir/index.php?/43/exploit	
####################
4. Solution:
####################
	All of the source code is encoded, so first decode the source of "/default.asp", "/edit/default.asp" and "/edit/showmedia.asp" with Microsoft Script Decoder (scrdec.exe). Then edit the source code to ensure that inputs are properly sanitized (for 2.1, 2.2 and 2.3).
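	One way to apply the sanitization step for 2.1, 2.2 and 2.3 in classic ASP, as an added example that is not doITlive's or the advisory authors' code. The include file name, the table, column and cookie names, and the file-name allow-list are assumptions, because the real schema is only visible after decoding the source.

```vbscript
<%
' safeinput.asp: hypothetical include file (added example, not doITlive code).
' Table, column and cookie names are assumptions; adjust to the decoded source.
Const adInteger = 3, adVarWChar = 202, adParamInput = 1, adCmdText = 1

' 2.1: accept "ID" only as 1-9 decimal digits; returns -1 for anything else.
Function ReadIntParam(raw)
    Dim re, s : s = raw & ""
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then ReadIntParam = CLng(s) Else ReadIntParam = -1
End Function

' Run SQL with "?" placeholders; values are bound, never concatenated.
Function BoundQuery(conn, sql, values)
    Dim cmd, v
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For Each v In values
        If VarType(v) = vbLong Then
            cmd.Parameters.Append cmd.CreateParameter("", adInteger, adParamInput, , v)
        Else
            cmd.Parameters.Append cmd.CreateParameter("", adVarWChar, adParamInput, 255, Left(v & "", 255))
        End If
    Next
    Set BoundQuery = cmd.Execute
End Function

' 2.2: "remember user" lookup; empty cookies are rejected before querying.
Function RememberedUserId(conn)
    Dim rs, u, t
    u = Request.Cookies("user") & "" : t = Request.Cookies("token") & ""
    RememberedUserId = -1
    If u = "" Or t = "" Then Exit Function
    Set rs = BoundQuery(conn, "SELECT user_id FROM users WHERE username = ? AND remember_token = ?", Array(u, t))
    If Not rs.EOF Then RememberedUserId = CLng(rs("user_id").Value)
    rs.Close
End Function

' 2.3: allow only a plain file name in "File", then HTML-encode it for output.
Function SafeFileForHtml(raw)
    Dim re, s : s = raw & ""
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$"
    If re.Test(s) Then SafeFileForHtml = Server.HTMLEncode(s) Else SafeFileForHtml = ""
End Function
%>
```

	In "/default.asp", the page would reject the request when ReadIntParam(Request.QueryString("ID")) returns -1 and otherwise pass the value to BoundQuery in place of the concatenated SQL string. "/edit/showmedia.asp" would write only the result of SafeFileForHtml(Request.QueryString("File")) into the response.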
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com