Vendor: SGDynamo
By: SecurityFocus
CVSS: 7.5 (HIGH)
Script Code Injection
CWE: 79
Product Name: SGDynamo
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

SGDynamo Script Code Injection Vulnerability

SGDynamo is a web application engine for Microsoft Windows operating systems. Script code is not filtered from URL parameters that are used as output by the SGDynamo program. This may enable an attacker to inject script code into a malicious link to the program. The script code will be executed in the browser of a user who visits the link, in the context of the site running the program. This may enable the attacker to steal cookie-based authentication credentials from legitimate users.

Mitigation:

Filter user input and escape special characters in URL parameters.
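
The mitigation above, as an added example that is not SGDynamo code and not part of the original advisory: a hypothetical handler that echoes the HTNAME parameter, shown unfiltered and then with input filtering plus HTML output encoding. The page template, the allow-list pattern and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the request shown in this advisory ("target" is a placeholder host).
SAMPLE_URL = 'http://target/sgdynamo.exe?HTNAME=<script>alert("test")</script>'

# Assumed allow-list policy for illustration; SGDynamo's real HTNAME syntax is not documented here.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def get_param(url, name):
    """Return the first decoded value of a query parameter, or '' if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(name, [""])[0]


def render_unfiltered(value):
    """Hypothetical stand-in for the flawed behaviour: the value is echoed as-is."""
    return "<html><body>Requested: " + value + "</body></html>"


def render_escaped(value):
    """Output encoding: HTML metacharacters become entities before the echo."""
    return "<html><body>Requested: " + html.escape(value, quote=True) + "</body></html>"


def handle(url):
    """Input filtering plus output encoding: returns (status, body)."""
    value = get_param(url, "HTNAME")
    if not SAFE_NAME.fullmatch(value):
        # Reject, and still encode the echoed value in the error page.
        return 400, render_escaped(value)
    return 200, render_escaped(value)


if __name__ == "__main__":
    print(render_unfiltered(get_param(SAMPLE_URL, "HTNAME")))
    print(handle(SAMPLE_URL))
    print(handle("http://target/sgdynamo.exe?HTNAME=index.htm"))
```

Encoding at the point of output is what stops the markup from being interpreted by the browser; the allow-list only narrows what reaches that point.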
Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4720/info

http://target/sgdynamo.exe?HTNAME=<script>alert("test")</script>