aushack.com - Vulnerability Advisory
-----------------------------------------------
Release Date:
02-Apr-2009
Software:
Asbru Software - Asbru Web Content Management
http://www.asbrusoft.com/
"Ready to use, full-featured, database-driven web content management system
(CMS) with integrated community, databases, e-commerce and statistics modules
for creating, publishing and managing rich and user-friendly
Internet, Extranet
and Intranet websites."
Versions tested:
6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release.
Other versions are untested. The vendor reports JSP, PHP, ASPX immune.
Vulnerability discovered:
SQL Injection & XSS
Vulnerability impact:
High - SQL Injection in backend database. Impact depends on the
security and configuration of the database. It may be possible
to execute code using functons such as xp_cmdshell in poorly
configured hosts. Other attacks possible include obtaining the
CMS admin username and password from the database and
subsequently uploading code or modifying the page content.
Vulnerability information:
The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is
vulnerable to numeric based blind SQL injection.
Example:
http://[victim]/page.asp?id=1 <-- main page
http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)
http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)
XSS in the 'url' parameter of 'login.asp':
Example:
http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script>
References:
aushack.com advisory
http://www.aushack.com/200904-asbru.txt
Credit:
Patrick Webster ( patrick@aushack.com )
Disclosure timeline:
28-Oct-2008 - Discovered during audit.
27-Nov-2008 - Notified vendor.
28-Nov-2008 - Vendor releases patch.
02-Apr-2009 - Disclosure.
EOF
{"id": "SECURITYVULNS:DOC:21572", "bulletinFamily": "software", "title": "Asbru Web Content Management Vulnerabilities", "description": "aushack.com - Vulnerability Advisory\r\n-----------------------------------------------\r\nRelease Date:\r\n 02-Apr-2009\r\n\r\nSoftware:\r\n Asbru Software - Asbru Web Content Management\r\n http://www.asbrusoft.com/\r\n\r\n "Ready to use, full-featured, database-driven web content management system\r\n (CMS) with integrated community, databases, e-commerce and statistics modules\r\n for creating, publishing and managing rich and user-friendly\r\nInternet, Extranet\r\n and Intranet websites."\r\n\r\nVersions tested:\r\n 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release.\r\n Other versions are untested. The vendor reports JSP, PHP, ASPX immune.\r\n\r\nVulnerability discovered:\r\n\r\n SQL Injection & XSS\r\n\r\nVulnerability impact:\r\n\r\n High - SQL Injection in backend database. Impact depends on the\r\n security and configuration of the database. It may be possible\r\n to execute code using functons such as xp_cmdshell in poorly\r\n configured hosts. Other attacks possible include obtaining the\r\n CMS admin username and password from the database and\r\n subsequently uploading code or modifying the page content.\r\n\r\nVulnerability information:\r\n\r\n The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is\r\n vulnerable to numeric based blind SQL injection.\r\n\r\n Example:\r\n\r\n http://[victim]/page.asp?id=1 <-- main page\r\n http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)\r\n http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)\r\n\r\n XSS in the 'url' parameter of 'login.asp':\r\n\r\n Example:\r\n\r\n http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script>\r\n\r\nReferences:\r\n aushack.com advisory\r\n http://www.aushack.com/200904-asbru.txt\r\n\r\nCredit:\r\n Patrick Webster ( patrick@aushack.com )\r\n\r\nDisclosure timeline:\r\n 28-Oct-2008 - Discovered during audit.\r\n 27-Nov-2008 - Notified vendor.\r\n 28-Nov-2008 - Vendor releases patch.\r\n 02-Apr-2009 - Disclosure.\r\n\r\nEOF", "published": "2009-04-03T00:00:00", "modified": "2009-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21572", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "edition": 1, "viewCount": 66, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9793"]}]}, "exploitation": null, "vulnersScore": 0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659730939}}