Forumwa Multiple Remote Input Validation Vulnerabilities
BID:12689
Info
Forumwa Multiple Remote Input Validation Vulnerabilities
| Bugtraq ID: | 12689 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2005 12:00AM |
| Updated: | Mar 01 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to HRG - Hackerlounge Research Group. |
| Vulnerable: |
Demof Forumwa v1 |
| Not Vulnerable: | |
Discussion
Forumwa Multiple Remote Input Validation Vulnerabilities
Forumwa is reportedly affected by multiple remote input validation vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input.
The application is vulnerable to a cross-site scripting attack permitting an attacker to construct a malicious link containing script code to be executed in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The application is vulnerable to a HTML injection attack. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user, other attacks are also possible.
Forumwa is reportedly affected by multiple remote input validation vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input.
The application is vulnerable to a cross-site scripting attack permitting an attacker to construct a malicious link containing script code to be executed in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The application is vulnerable to a HTML injection attack. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user, other attacks are also possible.
Exploit / POC
Forumwa Multiple Remote Input Validation Vulnerabilities
No exploit is required.
No exploit is required.
Solution / Fix
Forumwa Multiple Remote Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Forumwa Multiple Remote Input Validation Vulnerabilities
References:
References:
- Forumwa Homepage (Forumwa)
- Forumwa search.php xss vulnerability (HRG - Hackerlounge Research Group)