CVE-2010-4850
published 2011-09-27CVE-2010-4850: Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.77%
75.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| diferior | diferior | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006607; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006606; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006608; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name In
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006604; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006605; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6448 [HIGH] ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT
ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT"; flow:established,to_server; http.uri; content:"/vf_memberdetail.asp?"; nocase; content:"user="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6448; reference:url,www.frsirt.com/english/advisories/2006/4850; classtype:web-application-attack; sid:2006603; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Exploit-DB
Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2010-11-29
CVE-2010-4850 Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
---
Vulnerability ID: HTB22721
Reference: http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html
Product: Diferior
Vendor: Povilas Musteikis ( http://www.diferior.com/ )
Vulnerable Version: 8.03 and probably prior versions
Vendor Notification:
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to failure in the "views/post.php" script to properly sanitize user-supplied input in "post_c
Exploit-DB
AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
exploitdb·2010-09-20
CVE-2009-4850 AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
---
##
# $Id: awingsoft_winds3d_sceneurl.rb 10389 2010-09-20 04:38:13Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'AwingSoft Winds3D Player 3.5 SceneURL Download and Execute',
'Description' => %q{
This module exploits an untrusted program execution vulnerability within the
Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for
IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL'
parameter to the URL to an executable, an
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/96207/diferior-xss.txthttp://securityreason.com/securityalert/8398http://www.exploit-db.com/exploits/15633http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.htmlhttp://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.htmlhttp://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.htmlhttp://www.securityfocus.com/bid/45088http://packetstormsecurity.org/files/view/96207/diferior-xss.txthttp://securityreason.com/securityalert/8398http://www.exploit-db.com/exploits/15633http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.htmlhttp://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.htmlhttp://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.htmlhttp://www.securityfocus.com/bid/45088
2011-09-27
Published