Ripe Website Manager Multiple Input Validation Vulnerabilities
BID:23597
Info
Ripe Website Manager Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 23597 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2007 12:00AM |
| Updated: | Apr 23 2007 10:30PM |
| Credit: | John Martinelli is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Ripe Website Manager Ripe Website Manager 0.8.4 |
| Not Vulnerable: | |
Discussion
Ripe Website Manager Multiple Input Validation Vulnerabilities
Ripe Website Manager is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This issue affects Ripe Website Manager 0.8.4 and prior versions.
Ripe Website Manager is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This issue affects Ripe Website Manager 0.8.4 and prior versions.
Exploit / POC
Ripe Website Manager Multiple Input Validation Vulnerabilities
An attacker can exploit an SQL-injection vulnerability via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following exploit code is available:
An attacker can exploit an SQL-injection vulnerability via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following exploit code is available:
Solution / Fix
Ripe Website Manager Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Ripe Website Manager Multiple Input Validation Vulnerabilities
References:
References: