OTSCMS Multiple Input Validation Vulnerabilities
BID:22450
Info
OTSCMS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 22450 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0846 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | GregStar is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
OTSCMS OTSCMS 2.1.5 OTSCMS OTSCMS 2.1.4 OTSCMS OTSCMS 2.1.3 OTSCMS OTSCMS 2.0 OTSCMS OTSCMS 1.4.1 OTSCMS OTSCMS 1.3 OTSCMS OTSCMS 1.0 |
| Not Vulnerable: | |
Discussion
OTSCMS Multiple Input Validation Vulnerabilities
OTSCMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect OTSCMS 2.1.5 and prior versions.
OTSCMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect OTSCMS 2.1.5 and prior versions.
Exploit / POC
OTSCMS Multiple Input Validation Vulnerabilities
To exploit a cross-site scripting issue, an attacker can entices an unsuspecting user into following a malicious URI.
To exploit an SQL-injection issue, an attacker can use a web client.
The following proof-of-concept URIs are available:
http://www.example.com/forum.php?module=User&command=profile&name=[xss]
http://www.example.com/priv.php?command=reply&id=-1%20UNION%20SELECT%20accno,null,password%20FROM%20accounts
To exploit a cross-site scripting issue, an attacker can entices an unsuspecting user into following a malicious URI.
To exploit an SQL-injection issue, an attacker can use a web client.
The following proof-of-concept URIs are available:
http://www.example.com/forum.php?module=User&command=profile&name=[xss]
http://www.example.com/priv.php?command=reply&id=-1%20UNION%20SELECT%20accno,null,password%20FROM%20accounts
Solution / Fix
OTSCMS Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].