Plesk Small Business Manager 10.2.0 and Site Editor – Multiple Vulnerabilities

• Exploit Database
• 95 阅读

• 作者： David Hoyt
  日期： 2010-10-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15313/

• XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor
  ######################################################################## 
  # Vendor: Plesk Small Business Manager 10.2 + Site Editor
  # Product Description URL http://www.parallels.com/products/small-business-panel/
  # Date: 2010-09-17
  # Author : David Hoyt – http://cloudscan.me
  # Contact : h02332@gmail.com
  # Home : http://cloudscan.me
  # Dork : Small Business Manager
  # Bug : Cross Site Scripting + SQL Injection 
  # Tested on : Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2
  # Disclosure : Uncoordinated 
  ########################################################################
  UPDATED OCT-14-2010
  NOTE TO PARALLELS TEAM: EXPANDED INFO IN [Parallels #1020740] Security issues PSBP and SiteEditor. 
  
  
  Here are the Audit Reports:
  
  
  URL Reports for Plesk Small Business Manager 20.2.0 + Site Editor
  http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
  http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html
  http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.xml
  
  
  Picture Proofs:
  http://xss.cx/images/plesk-cover-1.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-sqli-2-1.jpg
  http://xss.cx/images/plesk-site-editor-sqli-1-1.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-1-1.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-2-1.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-5.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-6.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-7.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-8.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-9.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-11.jpg
  http://xss.cx/images/plesk-small-biz-10.2.0-xss-12.jpg
  
  
  
  
  Vulnerability Examples:
  ----------------------------------------
  1. SQL Injection
  Summary
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /plesk/client@1/domain@1/hosting/file-manager/create-dir/
  
  
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /plesk/client@1/domain@1/hosting/file-manager/permissions/
  
  
  
  
  
  
  2. Cross-site scripting (reflected)
  2.1. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
  2.2. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
  2.3. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
  2.4. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/copy [items%5B0%5D parameter]
  2.5. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/index/type/external/ [folder parameter]
  
  
  Summary
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /smb/app/available/id/apscatalog/
  
  
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /smb/app/available/id/apscatalog/
  
  
  
  
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /smb/file/copy
  
  
  Severity: High
  Confidence: Certain
  Host: http://vulnerable.plesk.smb.10.2.0.site:8880
  Path: /smb/file/index/type/external/
  
  
  
  
  
  
  DETAILS ON SITE EDITOR:
  
  
  1. SQL injection
  
  
  1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter]
  1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie]
  1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]
  1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header]
  1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]
  1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]
  1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]
  
  
  2. Cross-site scripting (reflected)
  2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter]
  2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]
  2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter]
  
  
  
  
  
  
  Please see URL http://www.cloudscan.me/2010/09/xss-sql-injection-in-plesk-small.html for the complete Advisory.
  

  Python

  Copy