Exploit Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24244
Проверка EDB
  1. Пройдено
Автор
[email protected]
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2004-0672
Дата публикации
2004-07-01
Код:
source: https://www.securityfocus.com/bid/10645/info

Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.

It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in the their web browser. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials as well as arbitrary application command execution.

http://www.example.com/idm/siteName/ims_mainconsole_principalpopuphandler.do?searchAttrs0=%25GROUP_NAME%25&searchOperators0=EQUALS&searchFilter0=&searchOrgDN=specifiedDNValue&incChildrenOrgFlag=NO&resultsPerPage=10&oid=&imsui_taskstate=RESOLVE_SCOPE&imsui_tpnametosearch=group&numOfExpressions=1%00<script>alert(document.cookie)</script>
 
Источник
www.exploit-db.com

Похожие темы