ArbitroWeb PHP Proxy 0.5/0.6 Cross-Site Scripting Vulnerability

ID SSV:77964
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter.

The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter is improperly sanitized, and may be used in a cross-site scripting attack.

An attacker may craft a URI that contains malicious HTML or script code. If a victim user follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site.

The attacker could use this vulnerability to steal cookie-based authentication credentials, or perform other types of attacks.<script>javascript:alert();</script>