Barracuda Control Center 620 – Cross-Site Scripting / HTML Injection

Exploit Database
34 阅读

作者： Vulnerability-Lab

日期： 2011-12-21
类别：
- remote
平台：
- hardware
来源：https://www.exploit-db.com/exploits/36475/

source: https://www.securityfocus.com/bid/51156/info

Barracuda Control Center 620 is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. 

https://www.example.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=[IVE]
https://www.example.com/bcc/main.jsp?device-type=[IVE]

last Exploits
Barracuda Control Center 620 – Cross-Site Scripting / HTML Injection的更多信息

BadBlue 2.72b – PassThru Buffer Overflow (Metasploit)：
Schneider Electric SBO / AS – Multiple Vulnerabilities：
OrientDB – Code Execution：
Invision Power Board (IP.Board) 3.3.4 – ‘Unserialize()’ PHP Code Execution (Metasploit)：
ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) – Remote Buffer Overflow：
Mozilla Firefox 4.0.1 – ‘Array.reduceRight()’ Remote Overflow：
Ksix Zigbee Devices – Playback Protection Bypass (PoC)：
Technicolor THOMSON TG585v7 Wireless Router – ‘url’ Cross-Site Scripting：