GreenSQL Web Management Tool Multiple HTML Injection Vulnerabilities
BID:25767
Info
| Bugtraq ID: | 25767 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5059 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | laurent gaffie is credited with the discovery of this vulnerability. |
| Vulnerable: | GreenSQL GreenSQL 0.2.2 |
| Not Vulnerable: | GreenSQL GreenSQL 0.2.3 |
Discussion
GreenSQL is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
These issues affect GreenSQL 0.2.2; prior versions may also be affected.
Exploit / POC
Attackers can exploit these issues via a browser.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
GreenSQL GreenSQL 0.2.2
- GreenSQL greensql-console-0.2.3.tar.gz
  http://downloads.sourceforge.net/greensql/greensql-console-0.2.3.tar.gz?modtime=1190533959&big_mirror=0
References
References:
- GreenSQL 0.2.3 Release Notes (GreenSQL)
- GreenSQL Homepage (GreenSQL)
- greensql firewall permanent xss ([email protected])