SiteKiosk About Prefix Zone-Bypass Vulnerability
BID:21567
Info
| Bugtraq ID: | 21567 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 12 2006 12:00AM |
| Updated: | Dec 13 2006 06:58PM |
| Credit: | Bret Moore is credited with the discovery of this vulnerability. |
| Vulnerable: | SiteKiosk 6.5.149, 6.2.51, 6.0.98 Final, 6.0.14, 5.5.45, 5.5.39, 5.5.36, 5.5.35, 5.5.34, 5.0.41, 5.0.38, 5.0.36, 5.0.35, 5.0.32, 5.0.264, 5.0.26, 5.0.248, 5.0.238, 5.0.19, 4.97.0, 4.96.3, 4.96.0, 4.96, 4.9.14, 4.9.11 |
| Not Vulnerable: | SiteKiosk 6.5.150 |
Discussion
SiteKiosk is prone to a zone-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary scripts and gain access to the victim's filesystem. This may lead to other attacks.
Versions prior to 6.5.150 are vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue by entering malicious script code into the affected application.
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please contact the vendor for details.
References
References:
- Site Kiosk 6.5.150 Version Description (SiteKiosk)
- Vendor Home Page (SiteKiosk)