Sign-up

ID

VAR-E-200809-0699


CVE

cve_id:CVE-2008-6465

Trust: 0.3

sources: BID: 31256

EDB ID

32396


TITLE

Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32396

DESCRIPTION

Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities.. webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 32396

AFFECTED PRODUCTS

vendor:parallelsmodel:h-spherescope:eqversion:3.0/3.1

Trust: 1.6

vendor:parallelsmodel:h-sphere patchscope:eqversion:3.11

Trust: 0.3

vendor:parallelsmodel:h-sphere patchscope:eqversion:3.09

Trust: 0.3

sources: BID: 31256 // EXPLOIT-DB: 32396 // EDBNET: 53929

EXPLOIT

source: https://www.securityfocus.com/bid/31256/info

H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

H-Sphere 3.0.0 Patch 9 and 3.1 Patch 1 are vulnerable; other versions may also be affected.

http://www.example.com/webshell4/login.php?err=[XSS]
http://www.example.com/webshell4/login.php?login=[XSS]

Trust: 1.0

sources: EXPLOIT-DB: 32396

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 32396

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32396

TYPE

'login.php' Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 32396 // EDBNET: 53929

CREDITS

t0fx

Trust: 0.6

sources: EXPLOIT-DB: 32396

EXTERNAL IDS

db:BIDid:31256

Trust: 1.9

db:EXPLOIT-DBid:32396

Trust: 1.6

db:EDBNETid:53929

Trust: 0.6

db:NVDid:CVE-2008-6465

Trust: 0.3

sources: BID: 31256 // EXPLOIT-DB: 32396 // EDBNET: 53929

REFERENCES

url:https://www.securityfocus.com/bid/31256/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/32396/

Trust: 0.6

url:http://www.parallels.com/

Trust: 0.3

sources: BID: 31256 // EXPLOIT-DB: 32396 // EDBNET: 53929

SOURCES

db:BIDid:31256
db:EXPLOIT-DBid:32396
db:EDBNETid:53929

LAST UPDATE DATE

2022-07-27T09:57:31.184000+00:00


SOURCES UPDATE DATE

db:BIDid:31256date:2015-05-07T17:23:00

SOURCES RELEASE DATE

db:BIDid:31256date:2008-09-19T00:00:00
db:EXPLOIT-DBid:32396date:2008-09-19T00:00:00
db:EDBNETid:53929date:2008-09-19T00:00:00