MonoQL 0.1a multiple security vulnerabilities

There are multiple security vulnerabilities in MonoQL 0.1a which may allow an attacker to take control of the software.

Software

Software Link: MonoQL

Vulnerable Version: 0.1a ( Previous versions may also be affected )

Vendor Notification: info@jdcommerce.com [ 2010-11-22 3:00AM ]

# 2010-11-22 3:20AM # Vendor Reply: aware of issue # Advisory released

Vulnerabilities

# Information Disclosure # Username Enumeration # 0.1a # Unpatched

"/login" fails to block repeated login attempts or login attempts without a password. If a correct username is supplied it returns the user's ID. An attacker could leverage "/login" to enumerate usernames and user IDs.

# Reflected Cross-Site Scripting (XSS) # 0.1a # Unpatched

The issue is due to failure in the "index" and "login" file to correctly sanitize user-supplied data in the "f" parameter.

# Authentication Bypass # 0.1a # Unpatched

A user can create a new connection without logging in to the user interface by pressing CTRL+T on any page, or by using the following URL :

Reference

# OWASP: Cross-Site Scripting

# OWASP: Information Disclosure

# OWASP: Authentication Bypass

Appendix

[TXT] MonoQL 0.1a multiple security vulnerabilities