SimpGB Multiple Cross-Site Scripting Vulnerabilities
BID:25808
Info
| Bugtraq ID: | 25808 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5127 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2007 12:00AM |
| Updated: | Apr 16 2015 06:09PM |
| Credit: | netVigilance is credited with the discovery of these vulnerabilities. |
| Vulnerable: | SimpGB SimpGB 1.46.2 |
| Not Vulnerable: | SimpGB SimpGB 1.47.1 |
Discussion
SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect SimpGB 1.46.02; other versions may also be vulnerable.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
The following proof-of-concept URIs are available:
Solution / Fix
Solution:
The vendor has addressed these issues in SimpGB 1.47 and later.
SimpGB SimpGB 1.46.2
- SimpGB simpgb.tar.gz: http://www.boesch-it.de/progsys/download.php?filenr=9&lang=en
References
References:
- SimpGB Homepage (SimpGB)
- SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities (netVigilance)