ASP Portal Multiple Input Validation Vulnerabilities
BID:17114
Info
ASP Portal Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 17114 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2006 12:00AM |
| Updated: | Mar 16 2006 04:40PM |
| Credit: | CodeScan Labs are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
ASP Portal ASP Portal 3.0 |
| Not Vulnerable: |
ASP Portal ASP Portal 3.1 |
Discussion
ASP Portal Multiple Input Validation Vulnerabilities
ASP Portal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
ASP Portal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Exploit / POC
ASP Portal Multiple Input Validation Vulnerabilities
These issues can be exploited through use of a web client.
These issues can be exploited through use of a web client.
Solution / Fix
ASP Portal Multiple Input Validation Vulnerabilities
Solution:
The vendor has addressed these issues in ASP Portal version 3.1.0 and later. Contact the vendor for information on obtaining and applying the appropriate updates.
Solution:
The vendor has addressed these issues in ASP Portal version 3.1.0 and later. Contact the vendor for information on obtaining and applying the appropriate updates.
References
ASP Portal Multiple Input Validation Vulnerabilities
References:
References:
- ASP Portal Homepage (ASP Portal)
- CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net (CodeScan Labs)