3 matches found
LocalTapiola: Exposed authentication (/cs/Satellite)
Basic report information Brute Force and Information disclosure Domain: www.lahitapiola.fi Steps To Reproduce: REQUEST POST /cs/Satellite HTTP/1.1 Host: www.lahitapiola.fi User-Agent: Mozilla/5.0 Windows NT 6.2; WOW64; rv:18.0 Gecko/20100101 Firefox/18.0 Accept:...
LocalTapiola: Reflected XSS Vulnerability in www.lahitapiola.fi/cs/Satellite
Issue The reporter found issues related to previous reports, namely 170532 aka. the gift that keeps on giving. This time the page pagename=TAArchiveWrapper and the localisation -parameter was vulnerable to XSS. Fix Additional protections were tested and put in place. Reasoning Mitigating issues a...
LocalTapiola: SQL Injection on `/cs/Satellite` path
Summary There exists an SQL Injection vulnerability on the path /cs/Satellite. This path accepts numerous fields, including blobtable, blobcol, blobkey and blobwhere. It is possible to sufficiently manipulate the the blobwhere field in order to trigger a time-based blind SQL Injection attack. Sco...