Asbru Web Content Management Vulnerabilities

Type securityvulns
Reporter Securityvulns
Modified 2009-04-03T00:00:00

Description - Vulnerability Advisory

Release Date: 02-Apr-2009

Software: Asbru Software - Asbru Web Content Management

"Ready to use, full-featured, database-driven web content management system (CMS) with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites."

Versions tested: 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release. Other versions are untested. The vendor reports JSP, PHP, ASPX immune.

Vulnerability discovered:

SQL Injection & XSS

Vulnerability impact:

High - SQL Injection in backend database. Impact depends on the security and configuration of the database. It may be possible to execute code using functons such as xp_cmdshell in poorly configured hosts. Other attacks possible include obtaining the CMS admin username and password from the database and subsequently uploading code or modifying the page content.

Vulnerability information:

The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is vulnerable to numeric based blind SQL injection.


http://[victim]/page.asp?id=1 <-- main page http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false) http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)

XSS in the 'url' parameter of 'login.asp':



References: advisory

Credit: Patrick Webster ( )

Disclosure timeline: 28-Oct-2008 - Discovered during audit. 27-Nov-2008 - Notified vendor. 28-Nov-2008 - Vendor releases patch. 02-Apr-2009 - Disclosure.