PTK Cross Site Scripting and Information Disclosure Vulnerabilities
BID:52817
Info
| Bugtraq ID: | 52817 |
| Class: | Unknown |
| CVE: | CVE-2012-5901 CVE-2012-5902 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Jan 11 2013 01:10PM |
| Credit: | Anonymous |
| Vulnerable: | DFLabs PTK 1.0.5 |
| Not Vulnerable: | |
Discussion
PTK is prone to cross-site scripting and information-disclosure vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also obtain sensitive information.
Exploit / POC
Attackers may exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Examples are available. Please see references for more information.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Multiple PTK DFlabs failures to restrict access to sensitive data (SecBugs)
- PTK Homepage (DFLabs)