header-logo
Suggest Exploit
vendor:
AnswerBook2
by:
Thomas Liam Romanis
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: AnswerBook2
Affected Version From: AnswerBook2 1.4.4 and prior versions
Affected Version To: AnswerBook2 1.4.1
Patch Exists: YES
Related CWE: CVE-2005-0548, CVE-2005-0549
CPE: a:sun:answerbook2
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/list-of-metasploit-windows-exploits-detailed-spreadsheet/
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Sun Solaris 2.5.1 _x86, Sun Solaris 2.5.1 _ppc, Sun Solaris 8_x86, Sun Solaris 8, Sun Solaris 7.0_x86, Sun Solaris 7.0, Sun Solaris 2.6_x86, Sun Solaris 2.6, Sun Solaris 2.5_x86, Sun Solaris 2.5, Sun Solaris 2.4_x86, Sun Solaris 2.4, Sun Solaris 2.3
2005

Sun Solaris AnswerBook2 Cross-Site Scripting Vulnerabilities

Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials and launch other attacks. The Search function and the AnswerBook2 admin interface are affected.

Mitigation:

Input validation should be used to detect and reject malicious input. Sanitize user-supplied data before using it in the application.
Source

Exploit-DB raw data:

Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials and launch other attacks.

The Search function and the AnswerBook2 admin interface are affected.

AnswerBook2 1.4.4 and prior versions are vulnerable. 

Bugtraq ID: 12746
Class: Input Validation Error
CVE: CVE-2005-0548
CVE-2005-0549
Remote: Yes
Local: No
Published: Mar 07 2005 12:00AM
Updated: Dec 11 2009 03:44PM
Credit: Discovery is credited to Thomas Liam Romanis.
Vulnerable: Sun AnswerBook2 1.4.4
Sun AnswerBook2 1.4.3
Sun AnswerBook2 1.4.2
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.4.1
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.4
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.3
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.2
+ Sun Solaris 8_x86
+ Sun Solaris 8
+ Sun Solaris 7.0_x86
+ Sun Solaris 7.0
+ Sun Solaris 2.6_x86
+ Sun Solaris 2.6_sparc
+ Sun Solaris 2.6

The following proofs of concept are available:

For the cross-site scripting issue in the Answerbook2 search function:

http://www.example.com/ab2/Help_C/@Ab2HelpSearch?scope=HELP&DwebQuery=%3Cscript%3Ealert%28%22hello%22%
29%3C%2Fscript%3E&Search=+Search+

For the admin interface 'View Log Files' function:

http://www.example.com/ab2/@Ab2Admin?command=view_access

Navigation

Suggest Exploit

Services By CQR