| Título | TMsoft MyAuth Gateway 3 Injection |
|---|
| Descrição | Description: Cross Site Scripting (XSS)a security vulnerability that allows attackers to inject malicious code into a website or web application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
#Steps to Reproduce
1). Go to - http://IP:Port/index.php
2). Capture request in proxy tool
3). After index.php ?g504v"><script>alert(1)</script>xdwgg=1
Vulnerable Parameter:
index.php?console=
index.php?nocache=
/index.php?console=
/?nocache=
/?cmd=
Mitigation:
1). Secure handling of user input
2). Escaping Use appropriate response headers
3). Encode data on output |
|---|
| Utilizador | The_Druk (UID 70236) |
|---|
| Submissão | 17/09/2024 01h11 (há 2 anos) |
|---|
| Moderação | 27/09/2024 07h13 (10 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 278658 [TMsoft MyAuth Gateway 3 /index.php console/nocache/cmd Script de Site Cruzado] |
|---|
| Pontos | 17 |
|---|