Web-App.Org and Web-App.Net Multiple Input Validation Vulnerabilities
BID:21684
Info
| Bugtraq ID: | 21684 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 20 2006 12:00AM |
| Updated: | Dec 22 2006 04:17PM |
| Credit: | Shaka_Flex is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Web-APP.org Web-APP.org 0.9.9 4; Web-APP.net Web-APP.net 0.9.9.3.4NE |
| Not Vulnerable: | |
Discussion
Web-APP.org and Web-APP.net are prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and multiple filter-bypass issues.
An attacker may leverage these issues to bypass the application's filtering mechanism and have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Web-APP.net 0.9.9.3.4NE and Web-APP.org 0.9.9.4.
Exploit / POC
An attacker can trigger the cross-site scripting vulnerability by enticing a victim user to follow a malicious URI. The attacker can exploit the filter-bypass vulnerability through a web client.
Solution / Fix
Solution:
The vendor has released an update to address this issue.
Web-APP.net Web-APP.net 0.9.9.3.4NE
- Web-APP.net 19092006_security_fix.txt
  http://www.web-app.net/downloads/security/19092006_security_fix.txt
References
References:
- Web-APP.net Home Page (Web-APP.net)
- Web-APP.org Home Page (Web-APP.org)