alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities

16次阅读
没有评论

alt-n WebAdmin 3.0.2 – Multiple Vulnerabilities

漏洞ID 1054875 漏洞类型
发布时间 2005-01-28 更新时间 2005-01-28
alt-n WebAdmin 3.0.2 - Multiple VulnerabilitiesCVE编号 N/A
alt-n WebAdmin 3.0.2 - Multiple VulnerabilitiesCNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25067
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12395/info

Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities.

The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

The application is reportedly also affected by an access validation vulnerability with regards to user accounts. This issue could permit an attacker to modify various aspects of an existing users account.

The vendor has addressed these issues in Alt-N WebAdmin 3.03 and later; earlier versions are reportedly vulnerable. 

http://www.example.com/WebAdmin/useredit_account.wdm?user=%3Cscript%3Ealert('test')%3C/script%3E
http://www.example.com/WebAdmin/modalframe.wdm?file=http://other_server/page.wdm

The following proof of concept demonstrates the access validation issue:
http://www.example.com/WebAdmin/useredit_account.wdm?user=otheruser@domain

相关推荐: Cisco IOS Software Input Access List Leakage with NAT

Cisco IOS Software Input Access List Leakage with NAT 漏洞ID 1104774 漏洞类型 Origin Validation Error 发布时间 1999-04-13 更新时间 1999-04-13 CV…

正文完
 0