Plesk Small Business Manager 10.2 cross site scripting remote SQL injection

2010.10.27
Credit: sqlhacker
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor ######################################################################## # Vendor: Plesk Small Business Manager 10.2 + Site Editor # Product Description URL http://www.parallels.com/products/small-business-panel/ # Date: 2010-09-17 # Author : David Hoyt ? http://cloudscan.me # Contact : h02332@gmail.com # Home : http://cloudscan.me # Dork : Small Business Manager # Bug : Cross Site Scripting + SQL Injection # Tested on : Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2 # Disclosure : Uncoordinated ######################################################################## UPDATED OCT-14-2010 NOTE TO PARALLELS TEAM: EXPANDED INFO IN [Parallels #1020740] Security issues PSBP and SiteEditor. Here are the Audit Reports: URL Reports for Plesk Small Business Manager 20.2.0 + Site Editor http://cloudscan.me/examples/plesk-reports/plesk-10.2.0.html http://cloudscan.me/examples/plesk-reports/plesk-10.2.0-site-editor.html http://cloudscan.me/examples/plesk-reports/plesk-10.2.0-site-editor.xml Picture Proofs: http://cloudscan.me/images/plesk-cover-1.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-sqli-2-1.jpg http://cloudscan.me/images/plesk-site-editor-sqli-1-1.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-1-1.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-2-1.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-5.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-6.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-7.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-8.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-9.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-11.jpg http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-12.jpg Vulnerability Examples: ---------------------------------------- 1. SQL Injection Summary Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /plesk/client@1/domain@1/hosting/file-manager/create-dir/ Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /plesk/client@1/domain@1/hosting/file-manager/permissions/ 2. Cross-site scripting (reflected) 2.1. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter] 2.2. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter] 2.3. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter] 2.4. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/copy [items%5B0%5D parameter] 2.5. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/index/type/external/ [folder parameter] Summary Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /smb/app/available/id/apscatalog/ Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /smb/app/available/id/apscatalog/ Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /smb/file/copy Severity: High Confidence: Certain Host: http://vulnerable.plesk.smb.10.2.0.site:8880 Path: /smb/file/index/type/external/ DETAILS ON SITE EDITOR: 1. SQL injection 1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter] 1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie] 1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie] 1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header] 1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter] 1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter] 1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter] 2. Cross-site scripting (reflected) 2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter] 2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter] 2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter] Please see URL http://cloudscan.blogspot.com/2010/09/cross-site-scripting-in-plesk-small.html for the complete Advisory.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top