Infoproject Biznis Heroj Multiple Remote Vulnerabilities
BID:51151
Info
Infoproject Biznis Heroj Multiple Remote Vulnerabilities
| Bugtraq ID: | 51151 |
| Class: | Unknown |
| CVE: |
CVE-2011-5039 CVE-2011-5040 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 21 2011 12:00AM |
| Updated: | Jan 10 2012 10:00PM |
| Credit: | Zero Science Labs |
| Vulnerable: |
Infoproject Biznis Heroj 0 |
| Not Vulnerable: | |
Discussion
Infoproject Biznis Heroj Multiple Remote Vulnerabilities
Infoproject Biznis Heroj is prone to multiple remote vulnerabilities, including:
1. Multiple cross-site scripting vulnerabilities
2. Multiple SOL-injection vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and gain unauthorized access to the affected application.
Infoproject Biznis Heroj is prone to multiple remote vulnerabilities, including:
1. Multiple cross-site scripting vulnerabilities
2. Multiple SOL-injection vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and gain unauthorized access to the affected application.
Exploit / POC
Infoproject Biznis Heroj Multiple Remote Vulnerabilities
Attackers can exploit the SQL-injection issues through a web browser. An attacker can exploit the cross-site scripting issues by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit the SQL-injection issues through a web browser. An attacker can exploit the cross-site scripting issues by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Infoproject Biznis Heroj Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Infoproject Biznis Heroj Multiple Remote Vulnerabilities
References:
References:
- Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability (Zero Science Lab)
- Infoproject Biznis Heroj (XSS/SQLi) Multiple Remote Vulnerabilities (Zero Science Lab)
- Vendor Homepage (Infoproject)