aspWebAlbum Multiple Input Validation Vulnerabilities
BID:30996
Info
| Bugtraq ID: | 30996 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6978 CVE-2004-1553 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Alemin_Krali |
| Vulnerable: | Full Revolution aspWebCalendar 3.2 |
| Not Vulnerable: | |
Discussion
aspWebAlbum is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a cross-site scripting issue, an SQL-injection issue, and an arbitrary-file-upload issue.
Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
aspWebAlbum 3.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into visiting a malicious URI.
The following proof-of-concept URIs are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- aspWebAlbum Home Page (Full Revolution)