Re: Re: Menu Manager Mod for WebAPP - No Input Filtering

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Menu Manager Mod for WebAPP - No Input Filtering
From: web-app@xxxxxxxxxxx
Date: 16 Jul 2007 21:53:57 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Is this new report valid or is it just web-app.net blowing smoke? WebAPP at 
web-app.org has received no mention of it, cannot find any sites that have been 
hacked, and has not found this problem in source code. With this version's 
current download count at 1490, there have been no reports of anyone having 
been exploited. Statement "Guests can edit files on the server by:
http://victim-domain/cgi-bin/index.cgi?action=menu"; is true, if said Guests are 
registered members. This is by design. So far we are unaware of a problem with 
it other than Mr. Elpeleg's post.

Prev by Date: Official release of SQL Power Injector 1.2
Next by Date: LFI On SMF 1.1.3
Previous by thread: Re: Menu Manager Mod for WebAPP - No Input Filtering
Next by thread: iDefense Security Advisory 06.12.07: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability
Index(es):
- Date
- Thread