Changes between Initial Version and Version 1 of Ticket #196


Timestamp: Mar 13, 2008, 2:27:51 AM (16 years ago)
Author: christoph
  • Ticket #196 – Description

    initial v1  
    66
    77
    8 == Details==
     8== Details ==
    99
    1010Product: Mapbender
     
    2121
    2222
    23 == Introduction==
     23== Introduction ==
    2424
    2525"Mapbender is the software and portal site for geodata management of OGC
     
    3535
    3636
    37 == More Details==
     37== More Details ==
    3838
    3939Due to the lack of input validation, an attacker is able to inject
     
    5656
    5757
    58 == Proof of Concept==
     58== Proof of Concept ==
    5959
    6060The following request retrieves the first username and password hash
     
    6767
    6868
    69 == Workaround==
     69== Workaround ==
    7070
    7171None.
    7272
    7373
    74 == Fix==
     74== Fix ==
    7575
    7676The vulnerability is fixed in release 2.4.5 rc1.
    7777
    7878
    79 == Security Risk==
     79== Security Risk ==
    8080
    8181As an attacker is able to e.g. get the password hashes of the
     
    8383
    8484
    85 == History==
     85== History ==
    8686
    87872007-12-14 Problem identified during a penetration test
     
    9292
    9393
    94 == RedTeam Pentesting GmbH==
     94== RedTeam Pentesting GmbH ==
    9595
    9696RedTeam Pentesting is offering individual penetration tests, short