Info
Last Modified: 10 months ago

Description
Land Down Under (LDU) contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'c', 'm' and 'w' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related

Technical
The vendor has disputed this issue, saying "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." Subsequent posts to security mailing lists and the lack of follow-up or technical details suggest Land Down Under may be prone to XSS or SQL Injection attacks.

Solution
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products
Land Down Under (LDU) | 800

Credit
bl2k - bl2k, shabgard.org