Vulnerability details :

Net Clubs Pro sendim.cgi Multiple Parameter XSS

Record created on 2006-04-20 09:32:42, last updated on 2009-04-30 03:21:46
Net Clubs Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'onuser', 'pass', 'chatsys', 'room', 'username' and 'to' variables upon submission to the 'sendim.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Affected : aasi Media 4.0
Attack Type : Input Manipulation (XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding)
Discovered on : 2006-04-20 09:32:35
Exploit : Exploit Public
Exploit discovered on : 2006-04-20 07:00:00
Impact : Loss of Integrity. Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
Location : Remote / Network Access. If network access is required and exploit can be done remotely.
OSVDB : Web Related. The vulnerability is a web issue and will have an associated security check.

External refs : OSVDB 24754