Doop Content Management System Multiple Input Validation Vulnerabilities
BID:23482
Info
Doop Content Management System Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 23482 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2007 12:00AM |
| Updated: | Jul 06 2007 08:47PM |
| Credit: | KaBuS is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Doop Doop Content Management System 1.3.6 Doop Doop Content Management System 1.3.5 Doop Doop Content Management System 1.3 |
| Not Vulnerable: | |
Discussion
Doop Content Management System Multiple Input Validation Vulnerabilities
Doop Content Management System is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
Doop Content Management System is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
Exploit / POC
Doop Content Management System Multiple Input Validation Vulnerabilities
To exploit these vulnerabilities, an attacker can use a browser or entice an unsuspecting user into following a malicious URI.
The following exploit examples are available:
To exploit these vulnerabilities, an attacker can use a browser or entice an unsuspecting user into following a malicious URI.
The following exploit examples are available:
Solution / Fix
Doop Content Management System Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Doop Content Management System Multiple Input Validation Vulnerabilities
References:
References:
- Doop Content Management System Web Site (Doop Content Management System)