SecurityReason.com - Our Reason is Security

Topic: Xigla Multiple Products - Multiple Vulnerabilities

SecurityAlert: 3950
CVE: CVE-2008-2756
CVE: CVE-2008-2757
CVE: CVE-2008-2758
CVE: CVE-2008-2759
CVE: CVE-2008-2760
CVE: CVE-2008-2761
CVE: CVE-2008-2762
CVE: CVE-2008-2763
CVE: CVE-2008-2764
CVE: CVE-2008-2765
CVE: CVE-2008-2766
CVE: CVE-2008-2767
CVE: CVE-2008-2768
CWE: CWE-79
CWE: CWE-89
CWE: CWE-79
CWE: CWE-79
CWE: CWE-89
CWE: CWE-79
CWE: CWE-89
CWE: CWE-89
CWE: CWE-79
CWE: CWE-89
CWE: CWE-79
CWE: CWE-89
CWE: CWE-79
SecurityRisk: High
Remote Exploit: Yes
Local Exploit: No
Victim interaction required: Yes
Exploit Available: Yes
Credit: AmnPardaz
Published: 22.06.2008

Affected Software: XIGLA, Absolute_control_panel_xe, 1.0



Advisory Content:


###########################################################################
# www.BugReport.ir
#
# AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###########################################################################


####################
1. Description:
####################

Xigla company has several web based products (from content management
systems to live help solutions) to enhance websites.

1.1. Absolute Live Support XE: Absolute Live Support is a live customer
support software for your web site that enables visitors to instantaneously
communicate with your customer service personnel.

1.2. Absolute News Manager XE: Absolute News Manager is a powerful web site
news and article content management system.

1.3. Absolute Banner Manager XE: Absolute Banner Manager is the most
complete, robust and easy to use web based banner management and ad
tracking software.

1.4. Absolute Form Processor XE: The Absolute Form Processor is a powerful
tool for processing your web based HTML forms. You don't have to waste time
developing server code, validation rules, form mailers or autoresponders
for your web forms; this application does all this for you.

1.5. Absolute Image Gallery XE: The complete and powerful media gallery
software that makes creating and maintaining images and multimedia
galleries a snap. The code resides on your web server and searches your web
site for new images and files to add to your gallery.

1.6. Absolute Poll Manager XE: Absolute Poll Manager is a complete and
easy-to-use survey software for dynamically adding polls and surveys to
your site while creating interest among your site visitors and gathering
valuable information about what they think.

1.7. Absolute Control Panel XE: Absolute Control Panel is a web based
interfacing system specially designed to provide centralized access to your
web based applications and Xigla application modules. It has been developed
as a practical access point to our web based suite of solutions on your web
sites.

####################
2. Vulnerabilities:
####################
2.1. Absolute Live Support XE (ASP version 5.1) (admin)
2.1.1. SQL Injection in "search.asp" by "orderby" parameter.
POC:
http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]

2.1.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutels/admin/search.asp

2.2. Absolute News Manager XE (ASP version 3.2) (admin)
2.2.1. SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutenm/search.asp?orderby=[SQL INJECTION]

2.2.2. XSS in "anmviewer.asp", "search.asp", "editarticleX.asp",
"publishers.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutenm/admin/anmviewer.asp
http://[URL]/xlaabsolutenm/admin/search.asp
http://[URL]/xlaabsolutenm/admin/editarticleX.asp
http://[URL]/xlaabsolutenm/admin/publishers.asp

2.3. Absolute Banner Manager XE (ASP version) (admin)
2.3.1. SQL Injection in "searchbanners.asp".
POC:
http://[URL]/xlaabsolutebm/searchbanners.asp?orderby=[SQL INJECTION]

2.3.2. XSS in "searchbanners.asp", "listadvertisers.asp" (all fields
are vulnerable).
POC:
http://[URL]/xlaabsolutebm/admin/searchbanners.asp
http://[URL]/xlaabsolutebm/admin/listadvertisers.asp

2.4. Absolute Form Processor XE (ASP version 4.0) (admin)
2.4.1. SQL Injection in "search.asp".
POC:
http://[URL]/absolutefp/search.asp?orderby=[SQL INJECTION]

2.4.2. XSS in "search.asp", "users.asp" (all fields are vulnerable).
POC:
http://[URL]/absolutefp/admin/search.asp
http://[URL]/absolutefp/admin/users.asp

2.5. Absolute Image Gallery XE
2.5.1. SQL Injection in "gallery.asp".
POC:
http://[URL]/xlaabsoluteig/gallery.asp?action=viewimage&categoryid=[SQL INJECTION]

2.5.2. XSS in "gallery.asp", "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsoluteig/admin/search.asp

2.6. Absolute Poll Manager XE (admin)
2.6.1. SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutepm/search.asp?orderby=[SQL INJECTION]

2.6.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutepm/admin/search.asp

2.7. Absolute Control Panel XE
2.7.1. XSS in "admin/users.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutecp/users.asp

####################
3. Solution:
####################
Edit the source code to ensure that all inputs are properly sanitised.
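The two defects the advisory lists repeat across every product: a request parameter ("orderby", "categoryid") pasted into a SQL statement, and search-form fields reflected into the admin pages without encoding. The block below is an added illustration of the fix the Solution section asks for, written in Python with an in-memory SQLite table; it is not Xigla's ASP code, and the "articles" schema, column names and sample rows are constructed for the example. The same pattern (allowlist for ORDER BY, bound parameters for values, HTML-encoding on output) applies unchanged to the classic ASP pages named above.

```python
import html
import sqlite3

# Request value -> real column name. ORDER BY cannot take a bound parameter,
# so the only safe option is a fixed allowlist (constructed for this example).
ALLOWED_ORDER_COLUMNS = {
    "title": "title",
    "author": "author",
    "date": "published",
}
DEFAULT_ORDER_COLUMN = "published"


def build_db():
    """Constructed sample table standing in for a news-manager article list."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, "
        "author TEXT, published TEXT)"
    )
    conn.executemany(
        "INSERT INTO articles (title, author, published) VALUES (?, ?, ?)",
        [
            ("Beta release", "alice", "2008-05-02"),
            ("Alpha notes", "bob", "2008-04-01"),
            ("Gamma update", "carol", "2008-03-15"),
        ],
    )
    return conn


def unsafe_search_sql(orderby):
    """The pattern the advisory reports: whatever the client sends in
    orderby becomes part of the statement text (CWE-89)."""
    return "SELECT title FROM articles ORDER BY " + orderby


def safe_order_column(orderby):
    """Map the request value onto the allowlist; anything else falls back
    to the default column instead of reaching the SQL text."""
    key = (orderby or "").strip().lower()
    return ALLOWED_ORDER_COLUMNS.get(key, DEFAULT_ORDER_COLUMN)


def safe_search(conn, orderby, keyword):
    """Keyword is a bound parameter; the sort column comes only from the
    allowlist, so request data never becomes SQL syntax."""
    column = safe_order_column(orderby)
    rows = conn.execute(
        "SELECT title FROM articles WHERE title LIKE ? ORDER BY " + column,
        ("%" + keyword + "%",),
    ).fetchall()
    return [title for (title,) in rows]


def render_search_form(keyword):
    """Reflecting the submitted field back into the admin page is where the
    advisory's XSS findings (CWE-79) live; encode it before it meets markup."""
    return '<input name="keyword" value="%s">' % html.escape(keyword, quote=True)


if __name__ == "__main__":
    db = build_db()
    print(unsafe_search_sql("title"))            # raw concatenation, shown for contrast
    print(safe_search(db, "date", ""))           # sorted by published date
    print(safe_search(db, "not_a_column", "a"))  # unknown value -> default column
    print(render_search_form('<b>"x"</b>'))      # encoded, not interpreted
```

`safe_order_column` deliberately returns a default rather than raising: the search page still works for a mistyped value, while a value that is not a known column name can never alter the statement. Logging the fallback is a cheap detection signal for probing of these parameters.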
####################
4. Credit:
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com




References:

http://www.securityfocus.com/bid/29672
http://secunia.com/advisories/30609
http://marc.info/?l=bugtraq&m=121322052622903&w=2
http://bugreport.ir/index.php?/41
Copyright © SecurityReason.com. All Rights Reserved.