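Interspire E-mail Marketer suffers from a cross-site scripting (XSS) vulnerability that allows an attacker to inject HTML and malicious scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.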
The vulnerable code is at: /admin/index.php
The vulnerable parameter is: "Page"
Proof of Concept:
http://[domain]/admin/index.php?Page={XSS}&Action=Login
Google Dork:
inurl:admin/index.php?Page= intext:Interspire
Version 6 is vulnerable [tested on v 6.1.0].
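To check whether this parameter has been probed on your own installation, the following added example (not part of the original advisory) scans web server access logs for requests to /admin/index.php whose "Page" value is not a plain identifier. It assumes the common/combined log format and that legitimate "Page" values are short alphanumeric names; the log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption (not from the advisory): legitimate Page values are short
# alphanumeric identifiers, so anything else deserves a closer look.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_page_value(url):
    """Return the URL-decoded Page value if it fails the allow-list, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/admin/index.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() != "page":  # match any casing so probes are not missed
            continue
        for value in values:
            # parse_qs decodes once; double-encoded input still contains '%'
            # afterwards and therefore fails the allow-list as well.
            if not SAFE_PAGE.fullmatch(value):
                return value
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        value = suspicious_page_value(match.group(1))
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /admin/index.php?Page=Login&Action=Login HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2000:10:02:13 +0000] "GET /admin/index.php?Page=%22%3E%3Cb%3Etest%3C%2Fb%3E&Action=Login HTTP/1.1" 200 5344',
    '198.51.100.9 - - [01/Jan/2000:10:02:40 +0000] "GET /admin/index.php?page=%253Cb%253E&Action=Login HTTP/1.1" 200 5200',
    '203.0.113.4 - - [01/Jan/2000:10:05:00 +0000] "GET /index.php?Page=%3Cb%3E HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious Page value {value!r}")
```

The same allow-list can be enforced in front of the application (web server or WAF rule) as a temporary mitigation until the value is properly encoded on output.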