Exploit ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting

Exploiter

18 Dec 2022
EDB-ID
24231
EDB Verified
  1. Passed
Author
JOSH GILMOUR
Vulnerability type
WEBAPPS
Platform
PHP
CVE
cve-2004-0617
Publication date
2004-06-22
Code:
source: https://www.securityfocus.com/bid/10592/info

It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter.

The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter is improperly sanitized, and may be used in a cross-site scripting attack.

An attacker may craft a URI that contains malicious HTML or script code. If a victim user follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site.

The attacker could use this vulnerability to steal cookie-based authentication credentials, or perform other types of attacks. 

http://www.example.com/?rawURL=<script>javascript:alert();</script>
 
Source
www.exploit-db.com
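
A defensive sketch of how a proxy front end can handle the `rawURL` parameter described above, added here as an example and not taken from ArbitroWeb or the advisory. How ArbitroWeb actually writes `rawURL` into its response is not shown on the page, so `render_unsafe` is an assumed pattern, and all function names are hypothetical.

```php
<?php
// Added illustration; not ArbitroWeb source. Function names are hypothetical.

// Unsafe pattern (assumed): the raw parameter is copied into the HTML response.
function render_unsafe(string $rawURL): string
{
    return '<input type="text" name="rawURL" value="' . $rawURL . '">';
}

// Accept only absolute http/https URLs with a host; return null otherwise.
function validate_target(string $rawURL): ?string
{
    // Reject over-long values, control characters, spaces and HTML metacharacters.
    if (strlen($rawURL) > 2048 || preg_match('/[\x00-\x20\x7f<>"\']/', $rawURL)) {
        return null;
    }
    $parts = parse_url($rawURL);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Scheme allowlist also blocks javascript: and data: targets.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $rawURL;
}

// Hardened: validate first, then still encode for the HTML attribute context.
function render_safe(string $rawURL): string
{
    $target = validate_target($rawURL);
    if ($target === null) {
        return '<p>Invalid URL.</p>';
    }
    return '<input type="text" name="rawURL" value="'
        . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed sample inputs: the value from the advisory's URL and a normal target.
$samples = [
    '<script>javascript:alert();</script>',
    'http://www.example.com/page?a=1&b=2',
];
foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: " . render_unsafe($s) . "\n";
    echo "safe  : " . render_safe($s) . "\n\n";
}
```

Validation and output encoding are both kept on purpose: the allowlist rejects non-URL input, while `htmlspecialchars` ensures that characters valid in a URL, such as `&`, are still encoded for the HTML context.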
