Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection: Posted Oct 24, 2010; Authored by sqlhacker; Plesk Small Business Manager version 10.2 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 4875002bc8592473f63668e32dd0729cd9ea682f1ec0de433cc123fa108a819c; Download | Favorite | View

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor
########################################################################
# Vendor: Plesk Small Business Manager 10.2 + Site Editor
# Product Description URL http://www.parallels.com/products/small-business-panel/
# Date: 2010-09-17
# Author : David Hoyt – http://cloudscan.me
# Contact : h02332@gmail.com
# Home : http://cloudscan.me
# Dork : Small Business Manager
# Bug : Cross Site Scripting + SQL Injection
# Tested on : Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2
# Disclosure : Uncoordinated
########################################################################
UPDATED OCT-14-2010
NOTE TO PARALLELS TEAM: EXPANDED INFO IN [Parallels #1020740] Security issues PSBP and SiteEditor.
 
 
Here are the Audit Reports:
 
 
URL Reports for Plesk Small Business Manager 20.2.0 + Site Editor
http://cloudscan.me/examples/plesk-reports/plesk-10.2.0.html
http://cloudscan.me/examples/plesk-reports/plesk-10.2.0-site-editor.html
http://cloudscan.me/examples/plesk-reports/plesk-10.2.0-site-editor.xml
 
 
Picture Proofs:
http://cloudscan.me/images/plesk-cover-1.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-sqli-2-1.jpg
http://cloudscan.me/images/plesk-site-editor-sqli-1-1.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-1-1.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-2-1.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-5.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-6.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-7.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-8.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-9.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-11.jpg
http://cloudscan.me/images/plesk-small-biz-10.2.0-xss-12.jpg
 
 
 
 
Vulnerability Examples:
----------------------------------------
1. SQL Injection
Summary
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /plesk/client@1/domain@1/hosting/file-manager/create-dir/
 
 
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /plesk/client@1/domain@1/hosting/file-manager/permissions/
 
 
 
 
 
 
2. Cross-site scripting (reflected)
2.1. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
2.2. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
2.3. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/app/available/id/apscatalog/ [category parameter]
2.4. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/copy [items%5B0%5D parameter]
2.5. http://vulnerable.plesk.smb.10.2.0.site:8880/smb/file/index/type/external/ [folder parameter]
 
 
Summary
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /smb/app/available/id/apscatalog/
 
 
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /smb/app/available/id/apscatalog/
 
 
 
 
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /smb/file/copy
 
 
Severity:   High
Confidence:   Certain
Host:   http://vulnerable.plesk.smb.10.2.0.site:8880
Path:   /smb/file/index/type/external/
 
 
 
 
 
 
DETAILS ON SITE EDITOR:
 
 
1. SQL injection
 
 
1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter]
1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie]
1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]
1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header]
1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]
1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]
1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]
 
 
2. Cross-site scripting (reflected)
2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter]
2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]
2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter]
 
 
 
 
 
 
Please see URL http://cloudscan.blogspot.com/2010/09/cross-site-scripting-in-plesk-small.html for the complete Advisory.

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

Share This

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems