Record created on 2003-10-24 14:52:32, last updated on 2010-10-10 00:17:25
CensorNet contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the "DENIEDURL" variable when it is submitted to the "dansguardian.pl" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
http://[target]/cgi-bin/dansguardian.pl?DENIEDURL=
| Vendor | Version | Status |
|---|---|---|
| Adelix Ltd. | 3.0 | Affected |
| Adelix Ltd. | 3.1 | Affected |
| Adelix Ltd. | 3.2 | Affected |
| Daniel Barron | 2.2.2.10 | Affected |
| Daniel Barron | 2.2.2.4 | Affected |
| Daniel Barron | 2.2.2.5 | Affected |
| Daniel Barron | 2.2.2.6 | Affected |
| Daniel Barron | 2.2.2.7 | Affected |
| Daniel Barron | 2.2.2.7-1 | Affected |
| Daniel Barron | 2.2.2.8 | Affected |
| Daniel Barron | 2.2.2.9 | Affected |
| Daniel Barron | 2.2.2.9-1 | Affected |
| Daniel Barron | 2.2.4.5-1 | Affected |
| Daniel Barron | 2.2.6.1-5 | Affected |
| Daniel Barron | 2.2.7.3-1 | Affected |
Attack Type: Input Manipulation (XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding)
Discovered on: 2003-10-22 07:00:00
Disclosure: OSVDB Verified
Confirmed on: 2003-10-22 07:00:00
Exploit: Exploit Public
Exploit discovered on: 2003-10-23 07:00:00
Impact: Loss of Integrity (assurance that data is unaltered by unauthorized persons). Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
Location: Remote / Network Access (applies if network access is required and the exploit can be done remotely)
OSVDB: Web Related (the vulnerability is a web issue and will have an associated security check)
External refs: OSVDB 2748