BaalAsp Forum Multiple Input Validation Vulnerabilities

Bugtraq ID:	21111
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 15 2006 12:00AM
Updated:	Nov 20 2006 07:06PM
Credit:	Laurent Gaffi & Benjamin Moss are credited with the discovery of these vulnerabilities.
Vulnerable:	Baal Systems Portal Software
Not Vulnerable:

BaalAsp Forum Multiple Input Validation Vulnerabilities

BaalAsp Forum is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

BaalAsp Forum Multiple Input Validation Vulnerabilities

Attackers may exploit SQL- and HTML-injection vulnerabilities via a standard web client.

BaalAsp Forum Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

BaalAsp Forum Multiple Input Validation Vulnerabilities

References:

• Baal Systems Portal Software Homepage (Baal Systems)
  
• BaalAsp forum [login bypass ,injections sql(post), xss(post)] ( [email protected])