VisNetic Website Arbitrary Code Execution Vulnerability

vendor:

VisNetic Website

by:

SecurityFocus

7.5

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: VisNetic Website

Affected Version From: 3.5.13.1

Affected Version To: 3.5.13.1

Patch Exists: YES

Related CWE: N/A

CPE: a:deerfield:visnetic_website

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

VisNetic Website Arbitrary Code Execution Vulnerability

A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed within the context of the visited 404 page by embedding script code into the HTTP 'referer' header.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the generation of a 404 page.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6369/info

A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed within the context of the visited 404 page by embedding script code into the HTTP 'referer' header.

An attacker could exploit this issue to steal cookie-based authentication credentials which could be used to hijack a legitimate users session.

It should be noted that this vulnerability was discovered in VisNetic WebSite 3.5.13.1. It is not yet known whether this issue also affects earlier versions.

GET /NonExistentPage.html HTTP/1.0
Host: TARGET
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Referer: "></a><script>alert('Cross Site Scripting')</script>