|
MapInfo Discovery Multiple Remote Vulnerabilities
An exploit is not required. Proof of concept examples were provided: Issue 1, the URI to retrieve the error log of the application: http://www.example.com/midiscovery/ErrLog/mi3errors.log Issue 2, an example URI containing a cross-site scripting attack: http://www.example.com/midiscovery/MapFrame.asp?mapID=5&mapname=<script> Issue 3, this URI handles user authentication in plaintext over a non-encrypted HTTP session: http://www.example.com/midiscovery/asplib/SignIn.asp Issue 3, an example of HTML form data containing SQL database credentials: <INPUT TYPE="text" size="30" maxlength="50" NAME="DatabaseName" Value="MIDiscovery" > <INPUT TYPE="text" size="30" maxlength="50" NAME="DatabaseServerName" Value="10.0.0.2"> <INPUT TYPE="text" size="30" maxlength="70" NAME="DatabaseUserName" Value="midiscovery"> <INPUT TYPE="password" size="21" maxlength="20" NAME="DatabaseUserPassword1" Value="lirumisu69"> <INPUT TYPE="password" size="21" maxlength="20" NAME="DatabaseUserPassword2" Value="lirumisu69"> Issue 4, an example of a URI containing the 'ps' administrative flag: http://www.example.com/midiscovery/asplib/MapPassword.asp?id=140&ps=0&Wrong=1 |
|
|
Privacy Statement |
