Inprotect Zones.PHP Cross-Site Scripting Vulnerability
BID:17141
Info
Inprotect Zones.PHP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 17141 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1270 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2006 12:00AM |
| Updated: | Aug 11 2006 10:55PM |
| Credit: | $um$id is credited with the discovery of this vulnerability. |
| Vulnerable: |
Inprotect Inprotect 0.21 |
| Not Vulnerable: |
Inprotect Inprotect 0.22 |
Discussion
Inprotect Zones.PHP Cross-Site Scripting Vulnerability
Inprotect is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Inprotect 0.21 and eariler versions are vulnerable.
Inprotect is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Inprotect 0.21 and eariler versions are vulnerable.
Exploit / POC
Inprotect Zones.PHP Cross-Site Scripting Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
Inprotect Zones.PHP Cross-Site Scripting Vulnerability
Solution:
The vendor has released version 0.22 to address this issue.
Inprotect Inprotect 0.21
Solution:
The vendor has released version 0.22 to address this issue.
Inprotect Inprotect 0.21
-
Inprotect inprotect-0.22_01.tar.gz
http://prdownloads.sourceforge.net/inprotect/inprotect-0.22_01.tar.gz