
Pentest report casebox 1

Pentest-Report CaseBox 06. - 07.2014
Cure53, Dr.-Ing. Mario Heiderich / Dipl.-Ing. Johannes Dahse

Index
Intro
Scope
Identified Vulnerabilities
CB-01-001 Arbitrary File Disclosure in Preview (Critical)
CB-01-002 Weak Hash in Password Recovery leading to Auth Bypass (Critical)
CB-01-003 “F”-Grade SSL Cert allows for feasible Eavesdropping Attacks (High)
CB-01-004 XSS via unfiltered Folder- and Action-Name (High)
CB-01-005 XSS in Content Field for user-created Actions (High)
CB-01-006 Persistent XSS via HTML Upload and Usage of “pw” Parameter (High)
CB-01-007 Header Injection via Download and malicious Filenames (Low)
CB-01-009 User Profile and other Forms vulnerable to CSRF Attacks (High)
CB-01-010 User’s First- and Last-Name vulnerable to XSS Attacks (Critical)
CB-01-011 Persistent XSS via SVG Profile Photo Upload (High)
CB-01-012 Multiple Apache SOLR Query Injections in the Search Class (Medium)
CB-01-014 Remote Code Execution in AutoSetFields Plugin (Critical)
CB-01-015 Permission Restriction Bypass using CaseBox API (Critical)
CB-01-020 Flash XSS via Sencha Ext JS Vulnerability (High)
CB-01-021 Persistent XSS via Upload and File Rename Feature (Medium)
CB-01-022 Permission Restriction Bypass in API Objects class (High)
CB-01-023 Persistent XSS through Preview of Object Field Data (Medium)
CB-01-024 Persistent Passive XSS in Item Title (High)
CB-01-025 Persistent XSS via File Name in Upload Queue (Medium)
CB-01-027 Apache SOLR Injection Deletes all Documents (High ...