Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities
BID:18169
CVE-2006-2748 | CVE-2006-2749 | CVE-2006-2750
| Bugtraq ID: | 18169 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2006 12:00AM |
| Updated: | May 31 2006 04:17PM |
| Credit: | Technical University of Vienna is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Open Searchable Image Catalogue OSIC 0.7 |
| Not Vulnerable: | Open Searchable Image Catalogue OSIC 0.7 .1 |
Discussion
Open Searchable Image Catalogue is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Open Searchable Image Catalogue versions 0.7 and earlier are vulnerable to these issues.
Exploit / POC
These issues can be exploited through a web client.
The following proof-of-concept URIs are available:
Solution / Fix
Solution:
The vendor has released version 0.7.0.1 to address these issues; please see the reference section for further details.
Open Searchable Image Catalogue OSIC 0.7
- Open Searchable Image Catalogue osic-0.7.0.1.tar.gz: http://prdownloads.sourceforge.net/osic-win/osic-0.7.0.1.tar.gz
References
References:
- OSIC 0.7.0.1 Released (Open Searchable Image Catalogue)
- TUVSA-0605-001 - Open Searchable Image Catalogue: XSS and SQL Injection Vulnerab (Technical University of Vienna Security Advisory)
- Vendor Homepage (Open Searchable Image Catalogue)
- Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities (Technical University of Vienna)