Exploit Mailtraq 2.2 - 'Browse.asp' Cross-Site Scripting

Exploiter

Hacker
18 Dec 2022
EDB-ID: 22730
EDB verification: Passed
Author: ZIV KAMIR
Vulnerability type: WEBAPPS
Platform: ASP
CVE: N/A
Publication date: 2003-06-04
Code:
source: https://www.securityfocus.com/bid/7813/info

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.

An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.

http://www.example.org/browse.asp?<script>alert(document.cookie)</script>
 
Source
www.exploit-db.com
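
As an added example (not part of the original advisory and not Mailtraq code), the following log check flags browse.asp requests that carry HTML markup either in a named parameter such as 'cfolder' or in the bare query string, which is the shape of the proof-of-concept URL above. The function names, the decode limit and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters that let a reflected value start a tag or close an attribute.
MARKUP = re.compile(r'[<>"]')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly so %253C is seen as '<', not '%3C'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(target):
    """Return (location, decoded_text) for a suspicious browse.asp request, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/browse.asp"):
        return None
    for pair in parts.query.split("&"):
        name, sep, value = pair.partition("=")
        name, value = fully_decode(name), fully_decode(value)
        if sep and MARKUP.search(value):
            return ("parameter " + name, value)
        if MARKUP.search(name):
            # No usable name=value form: the markup is the query string itself.
            return ("bare query string", name)
    return None


def scan(targets):
    """Check many request targets; return only the flagged ones."""
    return [(t, hit) for t in targets if (hit := check_request(t)) is not None]


# Constructed sample request targets (not taken from a real log).
SAMPLES = [
    "/browse.asp?cfolder=Inbox",
    "/browse.asp?<script>alert(document.cookie)</script>",  # PoC shape from the advisory
    "/Browse.asp?cfolder=%253Cb%253Ex",                     # double-encoded <b>x
    "/index.asp?cfolder=<b>",                               # different script, ignored
]

if __name__ == "__main__":
    for target, (where, text) in scan(SAMPLES):
        print(f"{target} -> markup in {where}: {text!r}")
```

A hit here only shows that markup was sent; whether it was reflected unencoded depends on the server version handling the request.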
