- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23432
- Проверка EDB
-
- Пройдено
- Автор
- OLIVER KAROW
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- N/A
- Дата публикации
- 2003-12-11
Код:
source: https://www.securityfocus.com/bid/9202/info
RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters. If a target user followed a malicious link, an attacker could potentially abuse this weakness, to include arbitrary messages in logout screens. This may aid in social engineering type attacks against the target user.
https://www.example.com:2000/default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login- Источник
- www.exploit-db.com
