Tyger Bug Tracking System Multiple Input Validation Vulnerabilities

Bugtraq ID:	22799
Class:	Input Validation Error
CVE:	CVE-2007-1289
Remote:	Yes
Local:	No
Published:	Feb 26 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	CorryL is credited with the discovery of these vulnerabilities.
Vulnerable:	Tyger Bug Tracking System Tyger Bug Tracking System 1.1.3
Not Vulnerable:

Tyger Bug Tracking System Multiple Input Validation Vulnerabilities

Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Tyger Bug Tracking System Multiple Input Validation Vulnerabilities


To exploit the SQL-injection issue:

http://www.example.com/ViewBugs.php?s=[sql]&o=ASC

To exploit the cross-site scripting issue:

An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI.

http://www.example.com/Login.php/>">[XSS]

http://www.example.com/Register.php/>">[XSS]

Tyger Bug Tracking System Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Tyger Bug Tracking System Multiple Input Validation Vulnerabilities

References:

• Tyger Bug Tracking System Homepage (Tyger Bug Tracking System)
  
• Tyger Bug Tracking System Multiple Vulnerability ([email protected])