Exploit Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
31395
Проверка EDB
  1. Пройдено
Автор
FELIX
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2008-0533
Дата публикации
2008-03-12
Код:
source: https://www.securityfocus.com/bid/28222/info
 
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
 
Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
 
The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
 
These issues affect versions prior to UCP 4.2 when running on Microsoft Windows. 

http://www.example.com/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E
 
Источник
www.exploit-db.com

Похожие темы