Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
OpenWFE Cross-Site Scripting and Connection Proxy Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
OpenWFE
by:
7.5
CVSS
HIGH
Cross-Site Scripting and Connection Proxy
Cross-Site Scripting (XSS) and Improper Access Control
CWE
Product Name: OpenWFE
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

OpenWFE Cross-Site Scripting and Connection Proxy Vulnerability

The OpenWFE application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. This can be exploited by an attacker to steal authentication credentials and execute malicious code in a user's browser. Additionally, OpenWFE is also affected by a connection proxy vulnerability, allowing anonymous scanning of network computers.

Mitigation:

To mitigate the cross-site scripting vulnerability, it is recommended to implement proper input sanitization and validation mechanisms. Additionally, OpenWFE should address the connection proxy vulnerability by implementing proper access controls and authentication mechanisms.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11514/info

OpenWFE is affected by a cross-site scripting and connection proxy vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to steal cookie-based authentication credentials as well as carry out other attacks by executing client-based script code in an unsuspecting user's browser. An attacker may leverage the connection proxy issue to scan arbitrary network computers anonymously, facilitating further attacks.

To leverage the cross-site scripting issue:
rmi://www.example.com:7080/workSessionServer"><script>alert(document.cookie)</script>

To leverage the connection proxy issue:
rmi://<targetHostName>:<targetPort>/workSessionServer

Navigation

Suggest Exploit

Services By CQR

cqrsecured