
Xigla Multiple Products - Multiple Vulnerabilities



########################## www.BugReport.ir 
#######################################
#
#      AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###################################################################################


####################
1. Description:
####################

        Xigla offers several web-based products (from content management 
systems to live help solutions) for enhancing web sites.
                1.1. Absolute Live Support XE:   Absolute Live Support is a 
live customer support software for your web site that enables visitors to 
instantaneously communicate with your customer service personnel.
                1.2. Absolute News Manager XE:   Absolute News Manager is a 
powerful web site news and article content management system.
                1.3. Absolute Banner Manager XE: Absolute Banner Manager is the 
most complete, robust and easy to use web based banner management and ad 
tracking software.
                1.4. Absolute Form Processor XE: The Absolute Form Processor is 
a powerful tool for processing your web based HTML forms. You don't have to 
waste time developing server code, validation rules, form mailers or auto 
responders for your web forms; this application does all this for you.
                1.5. Absolute Image Gallery XE:  The complete and powerful 
media gallery software that makes creating and maintaining images and 
multimedia galleries a snap. The code resides on your web server and searches 
your web site for new images and files to add to your gallery.
                1.6. Absolute Poll Manager XE:   Absolute Poll Manager is a 
complete and easy-to-use survey software for dynamically adding polls and 
surveys to your site while creating interest among your site visitors and 
gathering valuable information about what they think.
                1.7. Absolute Control Panel XE:  Absolute Control Panel is a 
web based interfacing system specially designed to provide centralized access 
to your web based applications and Xigla application modules. It has been 
developed as a practical access point to our web based suite of solutions on 
your web sites.
         

####################
2. Vulnerabilities:
####################
    2.1. Absolute Live Support XE (ASP version 5.1) (admin)
                2.1.1. SQL Injection in "search.asp" by "orderby" parameter.
                        POC:
                                http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]

                2.1.2. XSS in "search.asp" (all fields are vulnerable).
                        POC:
                                http://[URL]/xlaabsolutels/admin/search.asp

    2.2. Absolute News Manager XE (ASP version 3.2) (admin)
                2.2.1. SQL Injection in "search.asp".
                        POC:
                                http://[URL]/xlaabsolutenm/search.asp?orderby=[SQL INJECTION]

                2.2.2. XSS in "anmviewer.asp", "search.asp", "editarticleX.asp", 
"publishers.asp" (all fields are vulnerable).
                        POC:
                                http://[URL]/xlaabsolutenm/admin/anmviewer.asp
                                http://[URL]/xlaabsolutenm/admin/search.asp
                                http://[URL]/xlaabsolutenm/admin/editarticleX.asp
                                http://[URL]/xlaabsolutenm/admin/publishers.asp

    2.3. Absolute Banner Manager XE (ASP version) (admin)
                2.3.1. SQL Injection in "searchbanners.asp".
                        POC:
                                http://[URL]/xlaabsolutebm/searchbanners.asp?orderby=[SQL INJECTION]

                2.3.2. XSS in "searchbanners.asp", "listadvertisers.asp" (all 
fields are vulnerable).
                        POC:
                                http://[URL]/xlaabsolutebm/admin/searchbanners.asp
                                http://[URL]/xlaabsolutebm/admin/listadvertisers.asp

    2.4. Absolute Form Processor XE (ASP version 4.0) (admin)
                2.4.1. SQL Injection in "search.asp".
                        POC:
                                http://[URL]/absolutefp/search.asp?orderby=[SQL INJECTION]

                2.4.2. XSS in "search.asp", "users.asp" (all fields are 
vulnerable).
                        POC:
                                http://[URL]/absolutefp/admin/search.asp
                                http://[URL]/absolutefp/admin/users.asp

    2.5. Absolute Image Gallery XE
                2.5.1. SQL Injection in "gallery.asp".
                        POC:
                                http://[URL]/xlaabsoluteig/gallery.asp?action=viewimage&categoryid=[SQL INJECTION]

                2.5.2. XSS in "gallery.asp", "search.asp" (all fields are 
vulnerable).
                        POC:
                                http://[URL]/xlaabsoluteig/admin/search.asp

    2.6. Absolute Poll Manager XE (admin)
                2.6.1. SQL Injection in "search.asp".
                        POC:
                                http://[URL]/xlaabsolutepm/search.asp?orderby=[SQL INJECTION]

                2.6.2. XSS in "search.asp" (all fields are vulnerable).
                        POC:
                                http://[URL]/xlaabsolutepm/admin/search.asp

    2.7. Absolute Control Panel XE
                2.7.1. XSS in "admin/users.asp" (all fields are vulnerable).
                        POC:
                                http://[URL]/xlaabsolutecp/users.asp
                        
####################
3. Solution:
####################
        Edit the source code to ensure that all inputs are properly sanitised.
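One way to apply that fix to the "orderby" SQL injection and the search-field XSS listed above, as an added example that is not Xigla's code: plain JavaScript rather than classic ASP, with the table, column names and query text being assumptions.

```javascript
// Added example (not Xigla's code). Two fixes the advisory's solution implies:
// 1) An ORDER BY column cannot be bound as a query parameter, so a
//    user-supplied "orderby" value must be mapped onto a fixed list of
//    column names and anything else ignored.
// 2) Values echoed back into the admin search pages must be HTML-encoded so
//    they render as text, not markup (the role Server.HTMLEncode plays in ASP).

// Hypothetical whitelist for a search page; keys are the values the page
// accepts in the query string, values are the real column names.
const ORDERBY_COLUMNS = {
  date: "article_date",
  title: "title",
  author: "author_name",
};
const DEFAULT_ORDERBY = "article_date";

// Assumed vulnerable pattern behind the findings: the raw query-string
// value is concatenated straight into the SQL text.
function buildQueryUnsafe(orderby) {
  return "SELECT id, title FROM articles ORDER BY " + orderby;
}

// Hardened form: the request value is only a lookup key; the string that
// reaches the SQL text always comes from the whitelist. hasOwnProperty keeps
// inherited names such as "constructor" from matching.
function buildQuerySafe(orderby, direction) {
  const column = Object.prototype.hasOwnProperty.call(ORDERBY_COLUMNS, orderby)
    ? ORDERBY_COLUMNS[orderby]
    : DEFAULT_ORDERBY;
  const dir = direction === "desc" ? "DESC" : "ASC"; // same treatment for direction
  return `SELECT id, title FROM articles ORDER BY ${column} ${dir}`;
}

// Output encoding for the XSS findings: the five characters that matter in
// HTML text and attribute contexts.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The "you searched for" echo a search page typically renders.
function renderSearchEcho(term) {
  return "<p>Results for: " + htmlEncode(term) + "</p>";
}
```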
####################
4. Credit :
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com