| Title | ibwebadmin ibWebAdmin <= 1.0.2 Cross Site Scripting |
|---|---|
| Description | A reflected XSS vulnerability was discovered in the ibWebAdmin software, version 1.0.2 and earlier. This flaw allows the manipulation of the 'p' parameter in the request, enabling the injection of JavaScript code into the page. If the HttpOnly flag is not properly configured, it is also possible to access session cookies, which could lead to an account takeover. By using Google Dorks, it is possible to find several applications exposed that utilize the system for Firebird database administration, including some hosting providers, such as "Kinghost": "http://firebird.kinghost.com.br/", "http://firebirdadmin.infonet.com.br/" |
| Source | https://docs.google.com/document/d/1h9LlTV1FVvOSDBWc7qwU_5qcboCKd6H99Oqg3rZdBRQ/edit?usp=sharing |
| User | gabriel (UID 72007) |
| Submission | 10/22/2024 17:21 (2 years ago) |
| Moderation | 11/06/2024 17:20 (15 days later) |
| Status | Accepted |
| VulDB entry | 283325 [IBPhoenix ibWebAdmin up to 1.0.2 Tabelas Section /toggle_fold_panel.php cross site scripting] |
| Points | 20 |