List: bugtraq
Subject: Xigla Multiple Products - Multiple Vulnerabilities
From: Admin () bugreport ! ir
Date: 2008-06-11 20:21:50
Message-ID: 20080611202150.16861.qmail () securityfocus ! com
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###################################################################################
####################
1. Description:
####################
Xigla company has several web based products (from content management systems to live help solutions) to enhance websites.
1.1. Absolute Live Support XE: Absolute Live Support is a live customer support software for your web site that enables visitors to instantaneously communicate with your customer service personnel.
1.2. Absolute News Manager XE: Absolute News Manager is a powerful web site news and article content management system.
1.3. Absolute Banner Manager XE: Absolute Banner Manager is the most complete, robust and easy to use web based banner management and ad tracking software.
1.4. Absolute Form Processor XE: The Absolute Form Processor is a powerful tool for processing your web based HTML forms. You don't have to waste time developing server code, validation rules, form mailers or auto responders for your web forms; this application does all this for you.
1.5. Absolute Image Gallery XE: The complete and powerful media gallery software that makes creating and maintaining images and multimedia galleries a snap. The code resides on your web server and searches your web site for new images and files to add to your gallery.
1.6. Absolute Poll Manager XE: Absolute Poll Manager is a complete and easy-to-use survey software for dynamically adding polls and surveys to your site while creating interest among your site visitors and gathering valuable information about what they think.
1.7. Absolute Control Panel XE: Absolute Control Panel is a web based interfacing system specially designed to provide centralized access to your web based applications and Xigla application modules. It has been developed as a practical access point to our web based suite of solutions on your web sites.
####################
2. Vulnerabilities:
####################
2.1. Absolute Live Support XE (ASP version 5.1) (admin)
2.1.1. SQL Injection in "search.asp" by "orderby" parameter.
POC:
http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]
2.1.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutels/admin/search.asp
2.2. Absolute News Manager XE (ASP version 3.2) (admin)
2.2.1. SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutenm/search.asp?orderby=[SQL INJECTION]
2.2.2. XSS in "anmviewer.asp", "search.asp", "editarticleX.asp", "publishers.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutenm/admin/anmviewer.asp
http://[URL]/xlaabsolutenm/admin/search.asp
http://[URL]/xlaabsolutenm/admin/editarticleX.asp
http://[URL]/xlaabsolutenm/admin/publishers.asp
2.3. Absolute Banner Manager XE (ASP version) (admin)
2.3.1. SQL Injection in "searchbanners.asp".
POC:
http://[URL]/xlaabsolutebm/searchbanners.asp?orderby=[SQL INJECTION]
2.3.2. XSS in "searchbanners.asp", "listadvertisers.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutebm/admin/searchbanners.asp
http://[URL]/xlaabsolutebm/admin/listadvertisers.asp
2.4. Absolute Form Processor XE (ASP version 4.0) (admin)
2.4.1. SQL Injection in "search.asp".
POC:
http://[URL]/absolutefp/search.asp?orderby=[SQL INJECTION]
2.4.2. XSS in "search.asp", "users.asp" (all fields are vulnerable).
POC:
http://[URL]/absolutefp/admin/search.asp
http://[URL]/absolutefp/admin/users.asp
2.5. Absolute Image Gallery XE
2.5.1. SQL Injection in "gallery.asp".
POC:
http://[URL]/xlaabsoluteig/gallery.asp?action=viewimage&categoryid=[SQL INJECTION]
2.5.2. XSS in "gallery.asp", "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsoluteig/admin/search.asp
2.6. Absolute Poll Manager XE (admin)
2.6.1. SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutepm/search.asp?orderby=[SQL INJECTION]
2.6.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutepm/admin/search.asp
2.7. Absolute Control Panel XE
2.7.1. XSS in "admin/users.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutecp/users.asp
####################
3. Solution:
####################
Edit the source code to ensure that all inputs are properly sanitised.
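As an added illustration of that advice (example code, not Xigla's own), the Classic ASP fragment below shows the two fixes the findings above call for: the "orderby" value is mapped onto a fixed allow-list of column names before it reaches the ORDER BY clause (which cannot take a bound parameter), the free-text search term is passed as an ADO parameter, and the term is HTML-encoded before it is echoed back. The table and column names and the open connection object "conn" are assumed.

```asp
<%
' Added example, not Xigla's code. Table/column names and the open
' ADODB.Connection "conn" are assumed.

' ORDER BY cannot be bound as a parameter, so the requested column is
' looked up in an allow-list; anything else falls back to the default.
Function SafeOrderBy(requested)
    Dim allowed, i
    allowed = Array("title", "author", "postdate")
    SafeOrderBy = "postdate"              ' default sort column
    For i = 0 To UBound(allowed)
        If LCase(Trim(requested)) = allowed(i) Then
            SafeOrderBy = allowed(i)
            Exit For
        End If
    Next
End Function

Dim orderBy, term, cmd, rs
orderBy = SafeOrderBy(Request.QueryString("orderby"))

' The search term goes through a bound parameter, never into the SQL string.
' 200 = adVarChar, 1 = adParamInput (literal values so no adovbs.inc is needed).
term = Request.Form("keyword")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT id, title FROM articles WHERE title LIKE ? ORDER BY " & orderBy
cmd.Parameters.Append cmd.CreateParameter("kw", 200, 1, 255, "%" & term & "%")
Set rs = cmd.Execute

' Reflect the term only after HTML encoding, which closes the XSS on the
' admin search pages listed above.
Response.Write "Results for: " & Server.HTMLEncode(term)
%>
```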
####################
4. Credit :
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com