WebTester Multiple Input Validation Vulnerabilities
BID:22559
Info
WebTester Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 22559 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0969 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Moran Zavdi is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
WebTester WebTester 5.0.20060927 |
| Not Vulnerable: | |
Discussion
WebTester Multiple Input Validation Vulnerabilities
WebTester is prone to multiple input-validation issues, including multiple cross-site scripting and multiple SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
WebTester 5.0.20060927 and prior versions are vulnerable.
WebTester is prone to multiple input-validation issues, including multiple cross-site scripting and multiple SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
WebTester 5.0.20060927 and prior versions are vulnerable.
Exploit / POC
WebTester Multiple Input Validation Vulnerabilities
To exploit a cross-site scripting vulnerability, an attacker entices an unsuspecting user to follow a malicious URI.
To exploit the SQL-injection issues, an attacker can use a web client.
An example URI has been provided for the SQL-injection vulnerability:
http://www.example.com/webtester/directions.php?testID=\'
To exploit a cross-site scripting vulnerability, an attacker entices an unsuspecting user to follow a malicious URI.
To exploit the SQL-injection issues, an attacker can use a web client.
An example URI has been provided for the SQL-injection vulnerability:
http://www.example.com/webtester/directions.php?testID=\'
Solution / Fix
WebTester Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WebTester Multiple Input Validation Vulnerabilities
References:
References:
- Webtester Web Site (Webtester)
- WebTester 5.0.2 sql injection and XSS vulnerabilities ('Moran Zavdi'