Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2004-0617

Publish Date: 22 Jun 2004

                							

                source: http://www.securityfocus.com/bid/10592/info

It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter.

The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter is improperly sanitized, and may be used in a cross-site scripting attack.

An attacker may craft a URI that contains malicious HTML or script code. If a victim user follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site.

The attacker could use this vulnerability to steal cookie-based authentication credentials, or perform other types of attacks. 

http://www.example.com/?rawURL=&amp;lt;script&amp;gt;javascript:alert();&amp;lt;/script&amp;gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting

Vulmon Search

About

Products

Connect