Lucene search
High-Tech Bridge1337DAY-ID-19910HistoryDec 07, 2012 - 12:00 a.m.
Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities
2012-12-0700:00:00
High-Tech Bridge
0day.today
26
0.005 Low
EPSS
Percentile
73.8%
Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
Product: Achievo
Vendor: www.achievo.org
Vulnerable Version(s): 1.4.5 and probably prior
Tested Version: 1.4.5
Vendor Notification: November 14, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79]
CVE References: CVE-2012-5865, CVE-2012-5866
CVSSv2 Base Scores: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P), 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Risk Level: Medium
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting (XSS) attacks.
1) SQL Injection vulnerability in Achievo: CVE-2012-5865
The vulnerability was discovered in the "dispatch.php" script while handling the "activityid" HTTP GET parameter. A remote authenticated attacker can inject and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability requires that an attacker is logged-in into application (registration is closed by default).
The following PoC (Proof of Concept) code outputs version of the MySQL server:
http://[host]/dispatch.php?atknodetype=project.activity&atkaction=stats&activityid=0%20UNION%20SELECT%201,version%28%29,3,4
Registration is closed by default.
2) Cross-Site Scripting (XSS) vulnerability in Achievo: CVE-2012-5866
Input sanitation error was found in the "include.php" script when handling the "field" HTTP GET parameter. A remote attacker can execute arbitrary HTML and script code in user's browser in context of a vulnerable website.
The following PoC (Proof of Concept) outputs user's cookie:
http://[host]/include.php?file=atk/popups/colorpicker.inc&field=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
-----------------------------------------------------------------------------------------------
Solution:
Currently we are not aware of any vendor-supplied patches or other solutions.
-----------------------------------------------------------------------------------------------
# 0day.today [2018-01-10] #Related
packetstorm
packetstorm
Achievo 1.4.5 Cross Site Scripting / SQL Injection
2012-12-07 00:00:00
exploitpack
exploitpack
Achievo 1.4.5 - Multiple Vulnerabilities (2)
2012-12-09 00:00:00
htbridge
htbridge
Multiple vulnerabilities in Achievo
2012-11-14 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in Achievo
2012-12-10 00:00:00
exploitdb
exploitdb
Achievo 1.4.5 - Multiple Vulnerabilities (2)
2012-12-09 00:00:00
cve
cve
CVE-2012-5866
2014-10-20 15:55:00
CVE-2012-5865
2014-10-20 15:55:00
prion
prion
Cross site scripting
2014-10-20 15:55:00
Sql injection
2014-10-20 15:55:00
dsquare
dsquare
Achievo 1.4.5 LFI
2012-11-09 00:00:00