Bitweaver Multiple SQL Injection and Cross Site Scripting...
Filipino Filipiciu
Joined: 12 Oct 2005
Bitweaver Multiple SQL Injection and Cross Site Scripting...
Posted: 20 Dec 2005 (09:58 UTC)

spiderr
Joined: 08 Feb 2004
Security Fix, new release coming....
Posted: 20 Dec 2005 (20:38 UTC)
{quote format_guid="bbcode" comment_id="8153" user="filipok"}
http://www.frsirt.com/english/advisories/2005/2975

Bitweaver Multiple SQL Injection and Cross Site Scripting Vulnerabilities

Advisory ID : FrSIRT/ADV-2005-2975
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-19

Technical Description

Multiple vulnerabilities were identified in Bitweaver, which could be exploited by malicious users to perform SQL injection or cross site scripting attacks.

The first issue is due to input validation errors in the "users/my_groups.php" script that does not properly validate the "sort_mode", "post_id", "blog_id" and "search" parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

The second flaw is due to input validation errors in various scripts that do not properly validate certain parameters, which may be exploited by malicious people to conduct SQL injection attacks.

Affected Products

Bitweaver version 1.1 and prior
Bitweaver version 1.1.1 beta and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2005/2975
http://pridels.blogspot.com/2005/12/bitweaver-multiple-vuln.html

Credits

Vulnerabilities reported by r0t
{/quote}