WebTester 5.0.2 sql injection and XSS vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053046 漏洞类型
发布时间 2007-02-19 更新时间 2007-02-19
CVE编号 CVE-2007-0970
CVE-2007-0969
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2007020064
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Application: WebTester
Web Site: http://www.webtester.us/
Versions: 5.0.20060927 and below
Platform: linux, windows, freebsd, sun
Bug: Cross Site Scripting and SQL Injection
Severity: high
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Vigilon
===============
1) Introduction
===============
WebTester is a full featured solution for online test and quiz creation,
management, and analysis. It runs on any web server that supports the
PHP language, and the intuitive interface makes sure that every
available feature is simple to implement.
======
2) Bug
======
Cross-Site Scripting and SQL Injection.
====================
3) Proof of concept.
====================
For SQL Injection
http://website/webtester/directions.php?testID='
almost every page with GET or POST parameters have SQL injection.
it is possible to create XSS thru several files using POST parameters.
======
4) Fix
======
download the latest version from the web site.
==================
5) About Vigilon
==================
Vigilon Inc. is a security software company that helps organizations,
and the security providers that serve them, reduce business risk while
lowering operational security costs. using the Continual Vigilance
platform.
=============
6) Disclaimer
=============
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
=============
7) FeedBack
=============
Please send suggestions, updates, and comments to:
Security (at) vigilon (dot) com [email concealed]
http://www.vigilon.com
Credit:
Moran Zavdi.