
Sunday, 15 May 2016

Web2py Vulnerabilities 2.14.5: LFI, XSS, CSRF

Web2py Vulnerabilities


This post covers the Web2py vulnerabilities we found. The PoCs were created on Mac OS X El Capitan and were also tested on Windows 7 and Linux.

# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016-4808
# Tested On : Mac OS X El Capitan, Windows 7 64 Bit, Most Linux Platforms.
# Fix/Patching : Update To Web2py 2.14.6
# Facebook : https://facebook.com/iambhati
# Twitter : http://twitter.com/NarendraBhatiB
