Asbru Web Content Management XSS Vulnerabilities

2009-04-02 / 2009-04-03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 02-Apr-2009 Software: Asbru Software - Asbru Web Content Management http://www.asbrusoft.com/ "Ready to use, full-featured, database-driven web content management system (CMS) with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites." Versions tested: 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release. Other versions are untested. The vendor reports JSP, PHP, ASPX immune. Vulnerability discovered: SQL Injection & XSS Vulnerability impact: High - SQL Injection in backend database. Impact depends on the security and configuration of the database. It may be possible to execute code using functons such as xp_cmdshell in poorly configured hosts. Other attacks possible include obtaining the CMS admin username and password from the database and subsequently uploading code or modifying the page content. Vulnerability information: The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is vulnerable to numeric based blind SQL injection. Example: http://[victim]/page.asp?id=1 <-- main page http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false) http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true) XSS in the 'url' parameter of 'login.asp': Example: http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script> References: aushack.com advisory http://www.aushack.com/200904-asbru.txt Credit: Patrick Webster ( patrick_at_aushack&#46;com ) Disclosure timeline: 28-Oct-2008 - Discovered during audit. 27-Nov-2008 - Notified vendor. 28-Nov-2008 - Vendor releases patch. 02-Apr-2009 - Disclosure. EOF

References:

http://seclists.org/bugtraq/2009/Apr/0016.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top