Lucene search
Aliaksandr HartsuyeuPACKETSTORM:44337HistoryMar 03, 2006 - 12:00 a.m.
EV0083.txt
2006-03-0300:00:00
Aliaksandr Hartsuyeu
packetstormsecurity.com
24
EPSS
0.019
Percentile
88.4%
`New eVuln Advisory:
E-Blah Platinum 'Referer' XSS Vulnerability
http://evuln.com/vulns/83/summary.html
--------------------Summary----------------
eVuln ID: EV0083
CVE: CVE-2006-0829
Software: E-Blah Platinum
Sowtware's Web Site: http://www.eblah.com
Versions: 9.7
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Patched
Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
Vulnerable script: Code/Routines.pl
Environment variable 'HTTP_REFERER' isn't properly sanitized. This can be used to post HTTP query with fake Referer value which may contain arbitrary html or script code. This code will be executed when administrator will open "Click Log".
Administrator's login and password are threatened.
--------------Exploit----------------------
Available at: http://evuln.com/vulns/83/exploit.html
Example of HTTP Query:
GET /cgi-bin/Blah.pl HTTP/1.0
Host: [host]
Referer: [XSS]
--------------Solution---------------------
Vendor-provided patch is available here:
http://www.eblah.com/forum/m-1140116897/
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
`
Related
nvd
nvd
CVE-2006-0829
2006-02-21 23:02:00
securityvulns
securityvulns
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability
2006-03-03 00:00:00
cvelist
cvelist
CVE-2006-0829
2006-02-21 23:00:00
prion
prion
Cross site scripting
2006-02-21 23:02:00
cve
cve
CVE-2006-0829
2006-02-21 23:02:00