Iatek PortalApp Multiple Input Validation Vulnerabilities
BID:12936
Info
Iatek PortalApp Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12936 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0948 CVE-2005-0949 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2005 12:00AM |
| Updated: | Jun 29 2010 07:08PM |
| Credit: | Discovery of these issues is credited to Diabolic Crab. |
| Vulnerable: |
Iatek SiteEnable Iatek PortalApp 0 Iatek IntranetApp 2.3 |
| Not Vulnerable: | |
Discussion
Iatek PortalApp Multiple Input Validation Vulnerabilities
Multiple input-validation vulnerabilities reportedly affect PortalApp. These issues occur due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues includes cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise because the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second issue is an SQL-injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL-injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Multiple input-validation vulnerabilities reportedly affect PortalApp. These issues occur due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues includes cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise because the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second issue is an SQL-injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL-injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Exploit / POC
Iatek PortalApp Multiple Input Validation Vulnerabilities
No exploit is required, the following examples are available:
http://www.example.com/ad_click.asp?banner_id='SQL_INJECTION
http://www.example.com/content.asp?contenttype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/content.asp?do_search=1&keywords='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
No exploit is required, the following examples are available:
http://www.example.com/ad_click.asp?banner_id='SQL_INJECTION
http://www.example.com/content.asp?contenttype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/content.asp?do_search=1&keywords='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Solution / Fix
Iatek PortalApp Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Iatek PortalApp Multiple Input Validation Vulnerabilities
References:
References:
- [ZH2005-11SA] XSS Vulnerabilities in PortalApp v3.3 (sNKenjoi)
- Iatek PortalApp Product Page (Iatek)
- PortalApp Homepage (ASPapp)
- XSS vulnerability in PortalApp (High-Tech Bridge SA)
- Multiple sql injection, and xss vulnerabilities in PortalApp (
- XSS vulnerability in PortalApp ([email protected])