RemotelyAnywhere – Default.HTML Logout Message Injection

RemotelyAnywhere – Default.HTML Logout Message Injection

漏洞ID 1054291 漏洞类型
发布时间 2003-12-11 更新时间 2003-12-11
图片[1]-RemotelyAnywhere – Default.HTML Logout Message Injection-安全小百科CVE编号 N/A
图片[2]-RemotelyAnywhere – Default.HTML Logout Message Injection-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23432
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9202/info

RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters. If a target user followed a malicious link, an attacker could potentially abuse this weakness, to include arbitrary messages in logout screens. This may aid in social engineering type attacks against the target user. 

https://www.example.com:2000/default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login

相关推荐: acWEB拒绝服务漏洞

acWEB拒绝服务漏洞 漏洞ID 1203388 漏洞类型 输入验证 发布时间 2002-12-31 更新时间 2002-12-31 CVE编号 CVE-2002-2421 CNNVD-ID CNNVD-200212-349 漏洞平台 N/A CVSS评分 7…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享