Advanced Webhost Billing System Multiple Vulnerabilities
BID:25089
Info
| Bugtraq ID: | 25089 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4113 CVE-2007-4112 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 27 2007 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Justin Samuel is credited with discovering these vulnerabilities. |
| Vulnerable: | Advanced Webhost Billing System AWBS 2.5.1 |
| Not Vulnerable: | Advanced Webhost Billing System AWBS 2.6 |
Discussion
Advanced Webhost Billing System (AWBS) is prone to a cross-site scripting issue, a SQL-injection issue, and an information-disclosure issue.
An attacker may leverage these issues to access sensitive information, access or modify databases, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect AWBS 2.5.1.
Exploit / POC
An attacker can exploit the cross-site scripting issue by enticing an unsuspecting user to follow a malicious URI. The attacker can use a browser to exploit the information-disclosure and SQL-injection vulnerabilities.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References