| 제목 | ibwebadmin <= 1.0.2 Cross Site Scripting |
|---|
| 설명 | A reflected cross-site scripting (XSS) vulnerability was identified in the "ibwebadmin" database management application version 1.0.2 and earlier. This vulnerability occurs due to improper sanitization of the "db_login_role" parameter, which is sent via POST request and embedded directly into the page’s source code. As a result, an attacker could inject malicious JavaScript code into the page, breaking the application’s intended syntax and potentially allowing for unauthorized actions or data access.
By using Google Dorks, it is possible to find several applications exposed that utilize the system for Firebird database administration, including some hosting providers, such as "Kinghost":
"http://firebird.kinghost.com.br/"
"http://firebirdadmin.infonet.com.br/" |
|---|
| 원천 | ⚠️ https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing |
|---|
| 사용자 | gabriel (UID 72007) |
|---|
| 제출 | 2024. 11. 06. PM 05:57 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 11. 15. AM 08:14 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 284675 [IBPhoenix ibWebAdmin 까지 1.0.2 Banco de Dados Tab /database.php db_login_role 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|