BID:22829

EPortfolio Client Side Input Validation Vulnerability

Info

EPortfolio Client Side Input Validation Vulnerability

Bugtraq ID:	22829
Class:	Input Validation Error
CVE:	CVE-2007-1332 CVE-2007-1331
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Stefan Friedli is credited with the discovery of this vulnerability.
Vulnerable:	TKS-Banking Solutions ePortfolio 1.0

Not Vulnerable:

Discussion

EPortfolio Client Side Input Validation Vulnerability

ePortfolio is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to perform various attacks that are caused by input-validation vulnerabilities. These may include cross-site scripting attacks, SQL-injection attacks, and possibly others.

Exploit / POC

EPortfolio Client Side Input Validation Vulnerability

Attackers can use a browser to exploit this issue.
http://127.0.0.1/path/search?q=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E

Solution / Fix

EPortfolio Client Side Input Validation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

EPortfolio Client Side Input Validation Vulnerability

References:

ePortfolio Homepage (TKS0Banking Solutions)
ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities ([email protected])