MapInfo Discovery 1.0/1.1 – ‘MapFrame.asp?mapname’ Cross-Site Scripting
漏洞ID | 1054522 | 漏洞类型 | |
发布时间 | 2004-07-15 | 更新时间 | 2004-07-15 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | ASP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10927/info
Multiple remote vulnerabilities are reported in MapInfo Discovery.
The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to potentially sensitive error log information that could aid an attacker in further system compromise.
The second issue is reported to be a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied URI argument data. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site. This code execution would occur in the security context of the site hosting the vulnerable software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
The third issue is reported to be a plaintext password information disclosure vulnerability. An attacker with the ability to sniff network traffic could capture user and SQL database credentials.
The fourth issue is reported to be an administrative login authentication bypass vulnerability. An attacker with a regular user account on the application can gain administrative access.
MapInfo Discovery versions 1.0 and 1.1 are reported susceptible to these vulnerabilities.
http://www.example.com/midiscovery/MapFrame.asp?mapID=5&mapname=<script>
相关推荐: BitchX Remote Cluster() Heap Corruption Vulnerability
BitchX Remote Cluster() Heap Corruption Vulnerability 漏洞ID 1100668 漏洞类型 Boundary Condition Error 发布时间 2003-03-14 更新时间 2003-03-14 C…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666