Exploit Macromedia JRun 4.0 build 61650 - Administrative Interface Multiple Cross-Site Scripting Vulnerabilities

Exploiter

Hacker
18 Dec 2022
EDB-ID: 23402
EDB verification: Passed
Author: DR_INSANE
Vulnerability type: WEBAPPS
Platform: JSP
CVE: null
Publication date: 2003-11-26
Code:
source: https://www.securityfocus.com/bid/9112/info

A number of cross-site scripting vulnerabilities have been reported for Macromedia JRun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user.

Successful exploitation of this issue could potentially allow an attacker to steal an administrator's authentication credentials, likely leading to further malicious actions taking place.

http://www.example.com:8000/server/<your server>/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d<script code>

http://www.example.com:8000/clusterframe.jsp?cluster=<script code>
 
Source
www.exploit-db.com
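
For defenders, an added detection example (not part of the original post or the Exploit-DB entry): it scans web access logs for requests to the two admin pages named above whose `externalWebServer` or `cluster` parameter decodes to HTML markup characters. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Pages and parameters named in the advisory (page names lower-cased).
WATCHED = {"webserverlist.jsp": {"externalWebServer"},
           "clusterframe.jsp": {"cluster"}}
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: Common Log Format, request line in a quoted field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [26/Nov/2003:10:00:00 +0000] "GET /clusterframe.jsp?cluster=prod HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Nov/2003:10:00:05 +0000] "GET /clusterframe.jsp?cluster=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.11 - - [26/Nov/2003:10:00:09 +0000] "GET /server/default/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d%253Cb%253E HTTP/1.1" 200 600',
    '192.0.2.12 - - [26/Nov/2003:10:00:12 +0000] "GET /index.jsp?cluster=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded by rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return [(page, param, decoded_value)] for watched params carrying markup."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED.get(page, ()):
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                hits.append((page, name, decoded))
    return hits

def scan(log_lines):
    """Yield (line_number, hits) for each log line that trips the check."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Because the affected parameters are reachable by unauthenticated users, a hit on these pages from outside the administrators' own network is worth triaging even when the response code is 200.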
