Plogger Multiple Input Validation Vulnerabilities
BID:58271
Info
Plogger Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 58271 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2013 12:00AM |
| Updated: | Mar 02 2013 12:00AM |
| Credit: | Saadat Ullah |
| Vulnerable: |
Plogger Plogger 1.0 Rc1 |
| Not Vulnerable: | |
Discussion
Plogger Multiple Input Validation Vulnerabilities
Plogger is prone to following input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data:
1. An SQL-injection vulnerability
2. Multiple cross-site scripting vulnerabilities
3. A cross-site request forgery vulnerability
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in context of the affected site, steal cookie-based authentication credentials, access or modify data, exploit latent vulnerabilities in the underlying database, and perform certain unauthorized actions; other attacks are also possible.
Plogger 1.0 Rc1 is vulnerable; other versions may also be affected.
Plogger is prone to following input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data:
1. An SQL-injection vulnerability
2. Multiple cross-site scripting vulnerabilities
3. A cross-site request forgery vulnerability
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in context of the affected site, steal cookie-based authentication credentials, access or modify data, exploit latent vulnerabilities in the underlying database, and perform certain unauthorized actions; other attacks are also possible.
Plogger 1.0 Rc1 is vulnerable; other versions may also be affected.
Exploit / POC
Plogger Multiple Input Validation Vulnerabilities
An attacker can exploit some of these issues through a browser. To exploit some of these vulnerabilities, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following examples URIs and inputs are available:
An attacker can exploit some of these issues through a browser. To exploit some of these vulnerabilities, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following examples URIs and inputs are available:
Solution / Fix
Plogger Multiple Input Validation Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].