Wuzly Multiple Security Vulnerabilities
BID:51114
Info
| Bugtraq ID: | 51114 |
| Class: | Unknown |
| CVE: | CVE-2011-3835 CVE-2011-3836 CVE-2011-3837 CVE-2011-3838 CVE-2011-3839 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2011 12:00AM |
| Updated: | Dec 19 2011 12:00AM |
| Credit: | Morten Bartvig, Secunia Research |
| Vulnerable: | Wuzly Wuzly 2.0 |
| Not Vulnerable: | |
Discussion
Wuzly is prone to multiple cross-site scripting vulnerabilities, multiple SQL-injection vulnerabilities, a file-include vulnerability, an HTML-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, exploit latent vulnerabilities in the underlying database, access or modify data, execute arbitrary script code in the context of the webserver process, gain unauthorized access, or bypass certain security restrictions.
Exploit / POC
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Wuzly "preview" Local File Inclusion Vulnerability (Secunia)
- Wuzly "username" Script Insertion Vulnerability (Secunia)
- Wuzly Authentication Bypass Vulnerability (Secunia)
- Wuzly Cross-Site Request Forgery Vulnerability (Secunia)
- Wuzly Four SQL Injection Vulnerabilities (Secunia)
- Wuzly Homepage (Wuzly)
- Wuzly Twenty Four Cross-Site Scripting Vulnerabilities (Secunia)