Proman Xpress v5.0.1 - Multiple Web Vulnerabilities

2012-05-09T00:00:00
ID 1337DAY-ID-18238
Type zdt
Reporter the_storm
Modified 2012-05-09T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Title:
======
Proman Xpress v5.0.1 - Multiple Web Vulnerabilities

Introduction:
=============
Proman Xpress v5.0.1 is a super project management script coded in PHP & MySQL. It s highly customizable and 
is used across industries.

No Encryption.
No Callback.
Separate login for clients.
Easy management.
Add/edit/delete projects.
Unlimited project category.
Unlimited image upload.
Ajax based interface.
Complete messaging system.
File attachment system.
Active/ inactive projects.
Assign different parts to staffs.
Client to admin message interface.
Staff to admin message interface.
Set project time period.
Add/edit/delete clients.
Add/edit/delete Staffs.
Template based architecture.

(Copy of the Vendor Homepage:  http://itechscripts.com/proman_xpress.html )

Details:
========
1.1
A remote SQL Injection vulnerability  is detected in the Promans Xpress 2012 Q2 content management system.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands 
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
The vulnerability is located on the username post method.

Vulnerable Module(s):
						[+] Category Edit  [category_edit.php?cid=]

1.2
A persistent input validation vulnerability is detected n the Promans Xpress 2012 Q2 content management system.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) 
context manipulation. Exploitation requires low user inter action. The bug is located on the comment section of 
the message reply function.


Vulnerable Module(s):
						[+] Replying for a Message - Comments 



#  0day.today [2018-02-19]  #