{"id": "SECURITYVULNS:DOC:6246", "bulletinFamily": "software", "title": "e107 web portal Referers HTTP Injection", "description": "\r\n\r\nSynopsis:\r\n\r\nAll versions of e107 have a vulnerability that\r\nallows html tags and content to be posted to the stats\r\npage and to be listed under Referers and may also list\r\na screen size that they wish.\r\n\r\n\r\nDescription:\r\n\r\nAll versions of e107 have a vulnerability that\r\nallows html tags and content to be posted to the stats\r\npage and to be listed under Referers and thus allowing\r\nan attacker to put any site link or code they want on\r\nthe list of Referers.\r\n\r\nThe Problem lies within the e107 log plugin\r\nfile /e107_plugins/log/log.php as it does not parse\r\n< > and / tags thus allowing a user to enter html\r\ncontent like so:\r\n\r\ntarget.com/e107_plugins/log/log.php?referer=\r\ncode<br>goes<here>\r\n&color=24&eself=http://www.target.com/stats.php&res=1341X1341\r\n\r\nThis would print out:\r\n\r\ncode\r\ngoes\r\nhere\r\n\r\nIn the Referers list and print out a screen size of\r\n1341x1341 with a color depth of 24.\r\n\r\nImpact:\r\n\r\nThis could lead someone to graffiti the stats page\r\nwith content of their liking which could further lead\r\nsomeone to input their account info, etc. With use\r\nof proxies someone may also advertise their site as\r\nthe top referer.\r\n\r\nWork-around:\r\n\r\nThe easiest way to fix this problem is to\r\nsimply turn off stats all together. Even if you edit\r\nlog.php to parse html tags people will still be able\r\nto post text to the Referers list. ", "published": "2004-05-22T00:00:00", "modified": "2004-05-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6246", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:09", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2018-08-31T11:10:09", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2018-6246", "CVE-2016-6246", "CVE-2019-6246", "CVE-2015-9286", "CVE-2008-7273", "CVE-2012-6246", "CVE-2008-7272"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-497.NASL", "ORACLELINUX_ELSA-2015-2393.NASL", "SL_20151119_WIRESHARK_ON_SL7_X.NASL", "CENTOS_RHSA-2015-2393.NASL", "SL_20190422_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL"]}, {"type": "openbugbounty", "idList": ["OBB:176909", "OBB:211964", "OBB:212200", "OBB:212333"]}, {"type": "debian", "idList": ["DEBIAN:DLA-497-1:1FD56"]}, {"type": "centos", "idList": ["CESA-2015:2393"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122747"]}], "modified": "2018-08-31T11:10:09", "rev": 2}, "vulnersScore": 4.8}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **aaduio[.]work** in [RST Threat Feed](https://rstcloud.net/profeed) with score **3**.\n First seen: 2020-04-11T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 194[.]6.254.120\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-04-11T00:00:00", "id": "RST:9BA5EAD3-6246-3EC9-AD37-0482318FCAC6", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: aaduio.work", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **agu-beautys[.]com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 66[.]6.44.4\nWhois:\n Created: 2016-12-14 05:28:14, \n Registrar: TUCOWS INC, \n Registrant: REDACTED FOR PRIVACY.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:AAB7AFD0-6246-32B8-82C6-3CC982FBE6D1", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: agu-beautys.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **dawn[.]api.coinhive.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:990CF2A4-6246-38D1-A8B4-F68F6EA3E408", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: dawn.api.coinhive.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **sni70811[.]sigmapool.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-24T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-24T00:00:00", "id": "RST:5526305B-6246-30C8-80C8-F99F112C09E9", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: sni70811.sigmapool.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **111[.]229.61.251** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **3**.\n First seen: 2020-06-26T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **generic**.\nASN 45090: (First IP 111.229.0.0, Last IP 111.231.255.255).\nASN Name \"CNNICTENCENTNETAP\" and Organisation \"Shenzhen Tencent Computer Systems Company Limited\".\nASN hosts 473991 domains.\nGEO IP information: City \"\", Country \"China\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-26T00:00:00", "id": "RST:64DFA81E-6246-366B-BC37-3938330CC0AB", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: 111.229.61.251", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **108[.]62.58.230** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **1**.\n First seen: 2019-12-17T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **generic**.\nASN 396190: (First IP 108.62.56.0, Last IP 108.62.63.255).\nASN Name \"LEASEWEBUSASEA10\" and Organisation \"Leaseweb USA Inc\".\nASN hosts 229725 domains.\nGEO IP information: City \"Seattle\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-17T00:00:00", "id": "RST:4ECFBF99-6246-3A2B-BF50-469FFD6BC12E", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: 108.62.58.230", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://tunedinblog[.]com/wp-includes/pyramidx.exe** in [RST Threat Feed](https://rstcloud.net/profeed) with score **52**.\n First seen: 2021-02-09T03:00:00, Last seen: 2021-02-23T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **loki_stealer, opendir**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-09T00:00:00", "id": "RST:B118298F-6246-3A1A-9E46-3D1E21286D97", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: http://tunedinblog.com/wp-includes/pyramidx.exe", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **200[.]73.132.207** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-02-01T03:00:00, Last seen: 2021-02-21T03:00:00.\n IOC tags: **shellprobe, generic**.\nASN 10481: (First IP 200.73.128.0, Last IP 200.73.187.255).\nASN Name \"\" and Organisation \"Prima SA\".\nASN hosts 1138 domains.\nGEO IP information: City \"\", Country \"Argentina\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-01T00:00:00", "id": "RST:01A1884D-6246-3358-B963-C1E0AAA387C5", "href": "", "published": "2021-02-22T00:00:00", "title": "RST Threat feed. IOC: 200.73.132.207", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-14T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **c5db3a6f39237fccf4b0b3144517e51d[.]cz.cc** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-14T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:03516393-6246-3ACD-83A8-3BE3BB31FA61", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: c5db3a6f39237fccf4b0b3144517e51d.cz.cc", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-14T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **bestchange[.]fun** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-14T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:3B48A497-6246-30EE-BC71-A4BF4B6DAF21", "href": "", "published": "2021-02-15T00:00:00", "title": "RST Threat feed. IOC: bestchange.fun", "type": "rst", "cvss": {}}]}