eCardMAX 10.5 Multiple Vulnerabilities
Title: eCardMAX 10.5 Multiple Vulnerabilities
Advisory ID: ZSL-2016-5336
Type: Local/Remote
Impact: Cross-Site Scripting, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 01.07.2016
PHP/5.3.28
MySQL/5.5.49-cll
[13.06.2016] First contact with vendor.
[13.06.2016] Vendor responds asking for details.
[14.06.2016] Vulnerability details sent to the vendor.
[17.06.2016] Vendor working on a patch.
[28.06.2016] Vendor releases patch.
[01.07.2016] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2016070016
[3] https://packetstormsecurity.com/files/137764
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/114732
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/114734
[04.07.2016] - Added reference [1] and [2]
[06.07.2016] - Added reference [3]
[18.07.2016] - Added reference [4] and [5]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2016-5336
Type: Local/Remote
Impact: Cross-Site Scripting, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 01.07.2016
Summary
eCardMax is the most trusted, powerful and dynamic online ecard software solution. It enables you to create your own ecard website with many of the advanced features found on other major sites. Starting your own ecard website with eCardMax is fast and easy.Description
eCardMAX suffers from a SQL Injection vulnerability. Input passed via the 'row_number' GET parameter is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Multiple cross-site scripting vulnerabilities were also discovered. The issue is triggered when input passed via multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.Vendor
eCardMAX.COM - http://www.ecardmax.comAffected Version
10.5Tested On
Apache/2.2.26PHP/5.3.28
MySQL/5.5.49-cll
Vendor Status
[13.06.2016] Vulnerability discovered.[13.06.2016] First contact with vendor.
[13.06.2016] Vendor responds asking for details.
[14.06.2016] Vulnerability details sent to the vendor.
[17.06.2016] Vendor working on a patch.
[28.06.2016] Vendor releases patch.
[01.07.2016] Public security advisory released.
PoC
ecardmax_mv.txtCredits
Vulnerability discovered by Bikramaditya Guha - <bik@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/40058/[2] https://cxsecurity.com/issue/WLB-2016070016
[3] https://packetstormsecurity.com/files/137764
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/114732
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/114734
Changelog
[01.07.2016] - Initial release[04.07.2016] - Added reference [1] and [2]
[06.07.2016] - Added reference [3]
[18.07.2016] - Added reference [4] and [5]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk