[VIM] WebAPP Audit
George A. Theall
theall at tenablesecurity.com
Thu Mar 22 23:59:25 UTC 2007
On 03/22/07 01:40, WebAPP wrote:
> WebAPP (Web Automated Perl Portal) has recently had a security audit.
> Several issues were uncovered, including the following:
>
> Form input validation flaws.
> It was found possible to insert certain characters in order to obtain
> unexpected results from form submissions. Data files could be corrupted by
> percent encoded or otherwise escaped character insertion. Under certain
> conditions, forms could be exploited to allow undesired access to private
> files. With expert use, this could be exploited to execute code on the host
> server.
This sort of information is much more useful. The only thing I would add
would be whether an attacker must be authenticated to exploit the more
serious flaws. I'd hope you ultimately will post that on your site so
your users can understand the risks.
George
--
theall at tenablesecurity.com