what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

absolute-screwups.txt

absolute-screwups.txt
Posted Jun 11, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Products from Xigla, such as Absolute Live Support XE, Absolute News Manager XE, Absolute Banner Manager XE, Absolute Form Processor XE, Absolute Image Gallery XE, Absolute Poll Manager XE, and Absolute Control Panel XE all suffer from cross site scripting and/or SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | b097b8dc49b923f478afb2ab38d9012e47c350bf2a68d830775e86f79407e4cd

absolute-screwups.txt

Change Mirror Download
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###################################################################################


####################
1. Description:
####################

Xigla company has several web based products (From content management systems to live help solutions) to enhance the websites.
1.1. Absolute Live Support XE: Absolute Live Support is a live customer support software for your web site that enables visitors to instantaneously communicate with your customer service personnel.
1.2. Absolute News Manager XE: Absolute News Manager is a powerful web site news and article content management system.
1.3. Absolute Banner Manager XE: Absolute Banner Manager is the most complete, robust and easy to use web based banner management and ad tracking software.
1.4. Absolute Form Processor XE: The Absolute Form Processor is a powerful tool for processing your web based HTML forms. You don’t have to waste time developing server code, validation rules , form mailers or auto responders for your web forms, this application does all this for you.
1.5. Absolute Image Gallery XE: The complete and powerful media gallery software that makes creating and maintaining images and multimedia galleries a snap. The code resides on your web server and searches your web site for new images and files to add to your gallery.
1.6. Absolute Poll Manager XE: Absolute Poll Manager is a complete and easy-to-use survey software for dynamically adding polls and surveys to your site while creating interest among your site visitors and gathering valuable information about what they think.
1.7. Absolute Control Panel XE: Absolute Control Panel is a web based interfacing system specially designed to provide centralized access to your web based applications and Xigla application modules. It has been developed as a practical access point to our web based suite of solutions on your web sites.


####################
2. Vulnerabilities:
####################
2.1. Absolute Live Support XE (ASP version 5.1) (admin)
2.1.1. SQL Injection in "search.asp" by "orderby" parameter.
POC:
http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]

2.1.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutels/admin/search.asp

2.2. Absolute News Manager XE (ASP version 3.2) (admin)
2.2.1 SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutenm/search.asp?orderby=[SQL INJECTION]

2.2.1. XSS in "anmviewer.asp", "search.asp","editarticleX.asp","publishers.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutenm/admin/anmviewer.asp
http://[URL]/xlaabsolutenm/admin/search.asp
http://[URL]/xlaabsolutenm/admin/editarticleX.asp
http://[URL]/xlaabsolutenm/admin/publishers.asp

2.3. Absolute Banner Manager XE (ASP version) (admin)
2.3.1. SQL Injection in "searchbanners.asp".
POC:
http://[URL]/xlaabsolutebm/searchbanners.asp?orderby=[SQL INJECTION]

2.3.2. XSS in "searchbanners.asp","listadvertisers.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutebm/admin/searchbanners.asp
http://[URL]/xlaabsolutebm/admin/listadvertisers.asp

2.4. Absolute Form Processor XE (ASP version 4.0) (admin)
2.4.1. SQL Injection in "search.asp".
POC:
http://[URL]/absolutefp/search.asp?orderby=[SQL INJECTION]

2.4.2. XSS in "search.asp", "users.asp" (all fields are vulnerable).
POC:
http://[URL]/absolutefp/admin/search.asp
http://[URL]/absolutefp/admin/users.asp

2.5. Absolute Image Gallery XE
2.5.1. SQL Injection in "gallery.asp".
POC:
http://[URL]/xlaabsoluteig/gallery.asp?action=viewimage&categoryid=[SQL INJECTION]

2.5.2. XSS in "gallery.asp", "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsoluteig/admin/search.asp

2.6. Absolute Poll Manager XE (admin)
2.6.1. SQL Injection in "search.asp".
POC:
http://[URL]/xlaabsolutepm/search.asp?orderby=[SQL INJECTION]

2.6.2. XSS in "search.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutepm/admin/search.asp
2.7. Absolute Control Panel XE
2.7.1 XSS in "admin/users.asp" (all fields are vulnerable).
POC:
http://[URL]/xlaabsolutecp/users.asp

####################
3. Solution:
####################
Edit the source code to ensure that all inputs are properly sanitised.
####################
4. Credit :
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close