GoAhead Webserver 2.18 and possibly previous or newer versions contain multiple stored and reflective cross-site scripting (XSS) vulnerabilities.
According to the reporter, the following webpages and parameters are affected by stored and reflective XSS vulnerabilities:
Results: Reflected XSS displayed in addgroup.asp, stored XSS in: adduser.asp, addlimit.asp, delgroup.asp.
Results: Stored when user requests dellimit.asp.
addgroup.asp. In this example, you can swap out the group=<script>alert(1337) for whichever group name you added. password= and passconf= can also be modified to whichever password you want the new user to have.
POST /goform/AddUser HTTP/1.1
Result: Reflected in reply, stored in: deluser.asp, dspuser.asp.
An attacker with access to the GoAhead Webserver can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
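Requests to the form handlers can still be screened on the defender's side. The following is an added example, not part of the original advisory or of GoAhead's code: it flags requests under /goform/ whose form fields decode to HTML markup characters, as with the group= value shown above. The sample requests, host name and field values are constructed; only /goform/AddUser and the group, password and passconf parameters come from this page.

```python
from urllib.parse import unquote_plus

MARKUP = set("<>\"'")      # characters that change meaning inside an HTML page
MAX_DECODE_ROUNDS = 3      # catches double-encoded values such as %253C


def fully_decode(value):
    """URL-decode repeatedly (bounded) until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def screen_request(raw):
    """Return [(field, decoded_value)] for suspicious fields in a /goform/ request."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0].split(" ")
    if len(request_line) != 3:
        return []                      # not a well-formed request line
    method, target, _version = request_line
    path, _, query = target.partition("?")
    if not path.lower().startswith("/goform/"):
        return []                      # only the form handlers are screened
    findings = []
    # Screen the query string and, for POST, the form body. Pairs are split
    # by hand so that empty or malformed fields are not silently dropped.
    for source in (query, body if method.upper() == "POST" else ""):
        for pair in filter(None, source.strip().split("&")):
            name, _, value = pair.partition("=")
            decoded = fully_decode(value)
            if MARKUP & set(decoded):
                findings.append((fully_decode(name), decoded))
    return findings


# Constructed sample requests (not captured traffic); host and values are made up.
BENIGN = ("POST /goform/AddUser HTTP/1.1\r\nHost: device.example\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          "group=operators&password=s3cret&passconf=s3cret")
SUSPECT = BENIGN.replace("group=operators", "group=%3Cscript%3Ealert(1337)")
DOUBLE = BENIGN.replace("group=operators", "group=%253Cscript%253Ealert(1337)")
```

Password fields may legitimately contain these characters, so findings on password= and passconf= need review before alerting.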
The reporter was unable to confirm whether any previous or newer versions are vulnerable to these stored cross-site scripting (XSS) vulnerabilities.
Thanks to Silent Dream for reporting this vulnerability.
Date First Published: 2011-10-10
Date Last Updated: 2011-10-10 12:58 UTC