[VIM] WebAPP Audit

George A. Theall theall at tenablesecurity.com
Thu Mar 22 23:59:25 UTC 2007


On 03/22/07 01:40, WebAPP wrote:

> WebAPP (Web Automated Perl Portal) has recently had a security audit.
> Several issues were uncovered, including the following:
> 
> Form input validation flaws.
>      It was found possible to insert certain characters in order to obtain
> unexpected results from form submissions. Data files could be corrupted by
> percent encoded or otherwise escaped character insertion. Under certain
> conditions, forms could be exploited to allow undesired access to private
> files. With expert use, this could be exploited to execute code on the host
> server.

This sort of information is much more useful. The only thing I would add 
would be whether an attacker must be authenticated to exploit the more 
serious flaws. I'd hope you ultimately will post that on your site so 
your users can understand the risks.


George
-- 
theall at tenablesecurity.com

