by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

Honeycomb Archive & Honeycomb Archive Enterprise vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Vendor: http://www.quicksquare.com/
Affected versions: Honeycomb Archive 3.0 and Honeycomb Archive Enterprise


Product Description:

Honeycomb Archive™ is an image library service that functions as a stand-alone web site solution providing a central repository for graphics & files needed to support marketing, advertising, and sales personnel with print and web publishing needs. Industry leaders such as Master Lock® & Valvoline® rely on Honeycomb Archive™ every day to distribute the correct brand images to thousands of users from all over the world.


Vuln. Description:

1. Multiple SQL injection vulnerabilities in Honeycomb Archive and Honeycomb Archive Enterprise

Honeycomb Archive and Honeycomb Archive Enterprise contain a flaw that allows remote SQL injection attacks. Input passed to the "series", "cat_parent", "cat" and "div" parameters of "CategoryResults.cfm" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate the query by injecting arbitrary SQL code. In the example URLs below these parameters appear to carry numeric ids, so each can be attacked independently; [SQL] marks the injected value.

examples:

/CategoryResults.cfm?div=7&cat=118&cat_parent=107&series=[SQL]
/CategoryResults.cfm?div=7&cat=118&cat_parent=[SQL]
/CategoryResults.cfm?div=7&cat=[SQL]
/CategoryResults.cfm?div=[SQL]

2. XSS in the Honeycomb Archive Enterprise search module

Honeycomb Archive Enterprise contains a flaw that allows remote cross-site scripting attacks. Input passed to the search module's parameters is not properly sanitised before being returned to the user in the response page.
This allows an attacker to craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity (for example, theft of the victim's session or actions performed on the victim's behalf).

Solution:
No vendor fix is referenced in this advisory. Edit the source code so that input is properly validated and encoded: check that "div", "cat", "cat_parent" and "series" are integers before use and pass them to the database as bound parameters (in ColdFusion, <cfqueryparam cfsqltype="cf_sql_integer" ...>) rather than concatenating them into the query text; and HTML-encode search terms before echoing them into the page (HTMLEditFormat, or EncodeForHTML on newer ColdFusion releases).
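The following is an added illustration of what "properly sanitised" means for the two flaws above; it is not code from Honeycomb Archive or from the advisory's authors. It models the CategoryResults.cfm query and the search page in Python against an in-memory SQLite table (the table, column names and sample rows are constructed assumptions; only the URL parameter names come from the advisory): the vulnerable string-built query beside the validated, parameterised one, and the verbatim reflection of a search term beside its HTML-encoded form.

```python
import html
import sqlite3

# Constructed sample rows standing in for the application's category table.
# Table and column names are assumptions; the advisory names only the
# URL parameters div, cat, cat_parent and series.
SAMPLE_ROWS = [
    (7, 118, 107, 1, "Brand logo (print)"),
    (7, 118, 107, 2, "Brand logo (web)"),
    (7, 119, 107, 1, "Packaging artwork"),
    (8, 200, 150, 1, "Unreleased campaign"),
]


def make_db():
    """In-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE category_results "
        "(div INTEGER, cat INTEGER, cat_parent INTEGER, series INTEGER, title TEXT)"
    )
    conn.executemany("INSERT INTO category_results VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_titles(conn, div, cat, cat_parent, series):
    """The flawed pattern: raw URL values pasted straight into the SQL text."""
    sql = (
        f"SELECT title FROM category_results WHERE div = {div} AND cat = {cat} "
        f"AND cat_parent = {cat_parent} AND series = {series}"
    )
    return [row[0] for row in conn.execute(sql)]


def as_int(name, value):
    """Whitelist check: each of these parameters is a numeric id, nothing else."""
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError(f"parameter {name!r} must be a decimal integer")
    return int(value)


def hardened_titles(conn, div, cat, cat_parent, series):
    """Validate each id, then bind it as a query parameter (cfqueryparam equivalent)."""
    params = (
        as_int("div", div),
        as_int("cat", cat),
        as_int("cat_parent", cat_parent),
        as_int("series", series),
    )
    sql = (
        "SELECT title FROM category_results "
        "WHERE div = ? AND cat = ? AND cat_parent = ? AND series = ?"
    )
    return [row[0] for row in conn.execute(sql, params)]


def render_search_vulnerable(query):
    """Reflected XSS: the search term is echoed into the HTML verbatim."""
    return f"<p>Results for: {query}</p>"


def render_search_hardened(query):
    """Entity-encode the term for an HTML text node (HTMLEditFormat equivalent)."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    # "1 OR 1=1" in the series parameter widens the WHERE clause to every row.
    print(vulnerable_titles(db, "7", "118", "107", "1 OR 1=1"))
    print(hardened_titles(db, "7", "118", "107", "1"))
    try:
        hardened_titles(db, "7", "118", "107", "1 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
    print(render_search_hardened("<script>alert(1)</script>"))
```

Because the affected parameters are numeric, no quote character is needed to break out of the query, which is why an integer whitelist on its own already defeats the injection; binding the value as a parameter is the second layer in case a future change turns one of them into a string. The output-encoding helper is only correct for HTML text and attribute values; a search term echoed into a JavaScript block or a URL needs the encoder for that context.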

Copyright (c) 2006 Pridels Sec Crew