AOH :: HP Unsorted C :: VA3226.HTM

Stronghold/2.3 Apache/1.2.6 C2NetUS/2007 Cross-site Scripting vulnerability



Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007
Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007



========================================================================================
!vuln
Stronghold/2.3 Apache/1.2.6 C2NetUS/2007
Previous versions may also be affected.
========================================================================================

========================================================================================
!risk
Low
There are currently only a few websites circulating with
Stronghold/2.3 enabled.
========================================================================================

========================================================================================
!notes
Stronghold/2.3 does not properly sanitize user input and echoes the page requested in
the URL as valid HTML and Javascript. This can cause XSS flaws.
========================================================================================

========================================================================================
!examples
Example 1: ">http://world.std.com/
Example 2: ">http://world.std.com/
Example 3: http://world.std.com/ bgcolor="black">
========================================================================================

========================================================================================
!solution
Do not use Stronghold/2.3. The vendor has not been notified.
========================================================================================

============================================================
!greetz
Greetz go out to the people who know me.
============================================================

============================================================
!author
Xia Shing Zee
===========================================================

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.