Bug: WebTester 5.0.2 sql injection and XSS vulnerabilities ( Ascii Version )

Search:
WLB2

WebTester 5.0.2 sql injection and XSS vulnerabilities

Published
Credit
Risk
2007.02.19
Moran Zavdi
Medium
CWE
CVE
Local
Remote
CWE-79
CVE-2007-0970
CVE-2007-0969
No
Yes

Application: WebTester
Web Site: http://www.webtester.us/
Versions: 5.0.20060927 and below
Platform: linux, windows, freebsd, sun
Bug: Cross Site Scripting and SQL Injection
Severity: high
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Vigilon
===============
1) Introduction
===============
WebTester is a full featured solution for online test and quiz creation,
management, and analysis. It runs on any web server that supports the
PHP language, and the intuitive interface makes sure that every
available feature is simple to implement.
======
2) Bug
======
Cross-Site Scripting and SQL Injection.
====================
3) Proof of concept.
====================
For SQL Injection
http://website/webtester/directions.php?testID='
almost every page with GET or POST parameters have SQL injection.
it is possible to create XSS thru several files using POST parameters.
======
4) Fix
======
download the latest version from the web site.
==================
5) About Vigilon
==================
Vigilon Inc. is a security software company that helps organizations,
and the security providers that serve them, reduce business risk while
lowering operational security costs. using the Continual Vigilance
platform.
=============
6) Disclaimer
=============
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
=============
7) FeedBack
=============
Please send suggestions, updates, and comments to:
Security (at) vigilon (dot) com [email concealed]
http://www.vigilon.com
Credit:
Moran Zavdi.

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version