Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

WebBatch Applications Cross Site Scripting Vulrnability

from [DoZ] Network Security [Permanent Link]
Subject: WebBatch Applications Cross Site Scripting Vulrnability
Date: 20 Sep 2007 03:39:48 -0000 
[HSC] WebBatch Applications Cross Site Scripting Vulrnability

This issue is due to a failure in the application to properly sanitize 
user-supplied input. Attackers may exploit this issue via a web client. An 
attacker may leverage this issue to have arbitrary script code execute in 
the browser of an unsuspecting user in the context of the affected site. 
This may help the attacker steal cookie-based authentication credentials 
and launch other attacks.



Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Risk: Medium
Class: Input Validation Error
Remote: YES
Local: N/A
Platform: Windows Servers


Vendor: Wilson WindowWare, Inc
Product: WebBatch

http://winbatch.com/


Vulrnable Files:

webbatch.exe


* Attackers can exploit these issues via a web client.


Exploits:

/webcgi/webbatch.exe?XSS
/webcgi/webbatch.exe?PATH/XSS


Remote System Info Exposure:

/webcgi/webbatch.exe?dumpinputdata



Google Search:  (webbatch.exe)

http://www.google.com/search?hl=en&q=ext%3Aexe+inurl%3A%28%7Cwebbatch%7C%29&btnG=Search




Only becoming a Ethical Hacker, you can stop a Hacker. Learn with out having
to pay thousands!- http://kit.hackerscenter.com - The most comprehensive 
security
pack you will ever find on the net!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • WebBatch Applications Cross Site Scripting Vulrnability, DoZ <=
Previous by Date:  SimplePHPBlog Hacking, webmaster666
Next by Date:  Re: 0day: PDF pwns Windows, Gadi Evron
Previous by Thread:  SimplePHPBlog Hacking, webmaster666
Next by Thread:  PhpBB Xs 2 profile.php Permanent Xss Vulnerability, h3llcode
Indexes:  [Date] [Thread] [Top] [All Lists]