#####################
______ __ ______
/ \ / | / \
/000000 | ______ ______ ______ 00 |____ _____ ____ ______ /000000 | ______ _______
00 \__00/ / \ / \ / \ 00 \ / \/ \ / \ 00 \__00/ / \ / |
00 \ 000000 |/000000 |000000 |0000000 |000000 0000 | 000000 | 00 \ /000000 |/0000000/
000000 | / 00 |00 | 00/ / 00 |00 | 00 |00 | 00 | 00 | / 00 | 000000 |00 00 |00 |
/ \__00 |/0000000 |00 | /0000000 |00 | 00 |00 | 00 | 00 |/0000000 | / \__00 |00000000/ 00 \_____
00 00/ 00 00 |00 | 00 00 |00 | 00 |00 | 00 | 00 |00 00 | 00 00/ 00 |00 |
000000/ 0000000/ 00/ 0000000/ 00/ 00/ 00/ 00/ 00/ 0000000/ 000000/ 0000000/ 0000000/
#####################
Product: Zyxware Health Monitoring System
Product Version: 1.0.2
Vendor: Zyxware Technologies
Vendor Notification: Sept 3, 2013
Public Disclosure: Sept 9, 2013
Vulnerability Type: Sql Injection, XSS
Risk Level: High
Discovered and Provided By:
Sarahma Security
Sarahma Global Informatika
Website : wwww.sarahma.co.id
Email : research@sarahma.co.id
#####################
========================
SQL Injection
========================
Found on
http://localhost/healthmonitor/maps/diseaseinfo.php
Parameter : strDiseaseName
http://localhost/healthmonitor/maps/diseaseinfo.php?strDiseaseName=1'{SQL_HERE}
Found On
http://localhost/healthmonitor/maps/summary.php
Parameter : opt
http://localhost/healthmonitor/maps/summary.php?opt=1'{SQL_HERE}&type=Dist
========================
XSS Vulnerability
========================
Found On :
http://localhost/healthmonitor/maps/diseaseinfo.php
parameter : rightContent
http://localhost/healthmonitor/maps/googlemap.php
parameter : mapheight and mapwidth
http://localhost/healthmonitor/maps/khmheading.php
parameter : imageheight
http://localhost/healthmonitor/maps/moreinfo.php
parameter : rightContent
http://localhost/healthmonitor/maps/summary.php
parameter : opt and rightContent
Example :
http://localhost/healthmonitor/maps/khmheading.php?imageheight=0&imagePadding=%22%3Cscript%3E%20alert%28%27XSS%27%29%3C/script%3E
========================
Solution :
========================
No Update Until This Advisory published
========================
Timeline:
========================
2013-09-03 Provided details to vendor
2013-09-08 No Response From vendor
2013-09-09 Advisory published