Asbru Web Content Management Vulnerabilities

2009-04-03T00:00:00

Description

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 02-Apr-2009 Software: Asbru Software - Asbru Web Content Management http://www.asbrusoft.com/ "Ready to use, full-featured, database-driven web content management system (CMS) with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites." Versions tested: 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release. Other versions are untested. The vendor reports JSP, PHP, ASPX immune. Vulnerability discovered: SQL Injection & XSS Vulnerability impact: High - SQL Injection in backend database. Impact depends on the security and configuration of the database. It may be possible to execute code using functons such as xp_cmdshell in poorly configured hosts. Other attacks possible include obtaining the CMS admin username and password from the database and subsequently uploading code or modifying the page content. Vulnerability information: The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is vulnerable to numeric based blind SQL injection. Example: http://[victim]/page.asp?id=1 <-- main page http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false) http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true) XSS in the 'url' parameter of 'login.asp': Example: http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script> References: aushack.com advisory http://www.aushack.com/200904-asbru.txt Credit: Patrick Webster ( patrick@aushack.com ) Disclosure timeline: 28-Oct-2008 - Discovered during audit. 27-Nov-2008 - Notified vendor. 28-Nov-2008 - Vendor releases patch. 02-Apr-2009 - Disclosure. EOF

{"id": "SECURITYVULNS:DOC:21572", "bulletinFamily": "software", "title": "Asbru Web Content Management Vulnerabilities", "description": "aushack.com - Vulnerability Advisory\r\n-----------------------------------------------\r\nRelease Date:\r\n 02-Apr-2009\r\n\r\nSoftware:\r\n Asbru Software - Asbru Web Content Management\r\n http://www.asbrusoft.com/\r\n\r\n "Ready to use, full-featured, database-driven web content management system\r\n (CMS) with integrated community, databases, e-commerce and statistics modules\r\n for creating, publishing and managing rich and user-friendly\r\nInternet, Extranet\r\n and Intranet websites."\r\n\r\nVersions tested:\r\n 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release.\r\n Other versions are untested. The vendor reports JSP, PHP, ASPX immune.\r\n\r\nVulnerability discovered:\r\n\r\n SQL Injection & XSS\r\n\r\nVulnerability impact:\r\n\r\n High - SQL Injection in backend database. Impact depends on the\r\n security and configuration of the database. It may be possible\r\n to execute code using functons such as xp_cmdshell in poorly\r\n configured hosts. Other attacks possible include obtaining the\r\n CMS admin username and password from the database and\r\n subsequently uploading code or modifying the page content.\r\n\r\nVulnerability information:\r\n\r\n The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is\r\n vulnerable to numeric based blind SQL injection.\r\n\r\n Example:\r\n\r\n http://[victim]/page.asp?id=1 <-- main page\r\n http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)\r\n http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)\r\n\r\n XSS in the 'url' parameter of 'login.asp':\r\n\r\n Example:\r\n\r\n http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script>\r\n\r\nReferences:\r\n aushack.com advisory\r\n http://www.aushack.com/200904-asbru.txt\r\n\r\nCredit:\r\n Patrick Webster ( patrick@aushack.com )\r\n\r\nDisclosure timeline:\r\n 28-Oct-2008 - Discovered during audit.\r\n 27-Nov-2008 - Notified vendor.\r\n 28-Nov-2008 - Vendor releases patch.\r\n 02-Apr-2009 - Disclosure.\r\n\r\nEOF", "published": "2009-04-03T00:00:00", "modified": "2009-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21572", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "edition": 1, "viewCount": 66, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9793"]}]}, "exploitation": null, "vulnersScore": 0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659730939}}