alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities

alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities

漏洞ID 1054875 漏洞类型
发布时间 2005-01-28 更新时间 2005-01-28
图片[1]-alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25067
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12395/info

Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities.

The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

The application is reportedly also affected by an access validation vulnerability with regards to user accounts. This issue could permit an attacker to modify various aspects of an existing users account.

The vendor has addressed these issues in Alt-N WebAdmin 3.03 and later; earlier versions are reportedly vulnerable. 

http://www.example.com/WebAdmin/useredit_account.wdm?user=%3Cscript%3Ealert('test')%3C/script%3E
http://www.example.com/WebAdmin/modalframe.wdm?file=http://other_server/page.wdm

The following proof of concept demonstrates the access validation issue:
http://www.example.com/WebAdmin/useredit_account.wdm?user=otheruser@domain

相关推荐: Cisco IOS Software Input Access List Leakage with NAT

Cisco IOS Software Input Access List Leakage with NAT 漏洞ID 1104774 漏洞类型 Origin Validation Error 发布时间 1999-04-13 更新时间 1999-04-13 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享