Details of VAR-E-200805-0130

ID

VAR-E-200805-0130

CVE

cve_id:

CVE-2008-2167

Trust: 1.9

sources: BID: 29110 // EXPLOIT-DB: 31757 // EDBNET: 53322

EDB ID

31757

TITLE

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting - Multiple remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 31757

DESCRIPTION

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting. CVE-2008-2167CVE-45044 . remote exploit for Multiple platform

Trust: 0.6

sources: EXPLOIT-DB: 31757

AFFECTED PRODUCTS

vendor:	zywall	model:	http referer header	scope:	eq	version:	100	Trust: 1.6
vendor:	zyxel	model:	zywall	scope:	eq	version:	100	Trust: 0.3

sources: BID: 29110 // EXPLOIT-DB: 31757 // EDBNET: 53322

EXPLOIT

source: https://www.securityfocus.com/bid/29110/info

ZyWALL 100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

GET /blah.htm HTTP/1.1
Host: www.site.com
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm

Trust: 1.0

sources: EXPLOIT-DB: 31757

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 31757

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 31757

TYPE

Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 31757

CREDITS

Deniz Cevik

Trust: 0.6

sources: EXPLOIT-DB: 31757

EXTERNAL IDS

db:	EXPLOIT-DB	id:	31757	Trust: 1.9
db:	NVD	id:	CVE-2008-2167	Trust: 1.9
db:	BID	id:	29110	Trust: 1.9
db:	EDBNET	id:	53322	Trust: 0.6

sources: BID: 29110 // EXPLOIT-DB: 31757 // EDBNET: 53322

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-2167	Trust: 1.6
url:	https://www.securityfocus.com/bid/29110/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/31757/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/31757	Trust: 0.3
url:	http://us.zyxel.com/web/product_family_detail.php?pc1indexflag=20040908175941&categorygroupno=05e0ba6c-ffa2-4cc7-b648-8f0c29cd2b8a	Trust: 0.3

sources: BID: 29110 // EXPLOIT-DB: 31757 // EDBNET: 53322

SOURCES

db:	BID	id:	29110
db:	EXPLOIT-DB	id:	31757
db:	EDBNET	id:	53322

LAST UPDATE DATE

2022-07-27T09:53:03.321000+00:00

SOURCES UPDATE DATE

db:

BID

id:

29110

date:

2015-05-07T17:29:00

SOURCES RELEASE DATE

db:	BID	id:	29110	date:	2008-05-08T00:00:00
db:	EXPLOIT-DB	id:	31757	date:	2008-05-08T00:00:00
db:	EDBNET	id:	53322	date:	2008-05-08T00:00:00