DotText HTTP Referer HTML Injection Vulnerability
BID:13450
Info
DotText HTTP Referer HTML Injection Vulnerability
| Bugtraq ID: | 13450 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 30 2005 12:00AM |
| Updated: | Apr 30 2005 12:00AM |
| Credit: | Discovery is credited to lake2. |
| Vulnerable: |
GotDotNet DotText 0.95 GotDotNet DotText 0.94 |
| Not Vulnerable: | |
Discussion
DotText HTTP Referer HTML Injection Vulnerability
DotText (.Text) is prone to an HTML injection vulnerability. This issue may be exploited by submitting a client HTTP Referer field that contains hostile HTML and script code.
HTML injection may allow for theft of cookie-based authentication credentials or other attacks.
DotText (.Text) is prone to an HTML injection vulnerability. This issue may be exploited by submitting a client HTTP Referer field that contains hostile HTML and script code.
HTML injection may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
DotText HTTP Referer HTML Injection Vulnerability
The issue may be exploited by sending an HTTP Request that specifies HTML and script code in the HTTP Referer field.
The issue may be exploited by sending an HTTP Request that specifies HTML and script code in the HTTP Referer field.
Solution / Fix
DotText HTTP Referer HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.