Bug: PassMasterFlex (and PassMasterFlex+) XSS injection ( Ascii Version )

Search:
WLB2

PassMasterFlex (and PassMasterFlex+) XSS injection

Published
Credit
Risk
2006.05.13
Nomenumbra
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2006-2340
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

PassMasterFlex (and PassMasterFlex+) XSS injection

Discovered by: Nomenumbra
Date: 5/4/2006
impact:moderate (privilege escalation,possible defacement)

PassMasterFlex(+) is a database-driven multiple login that utilizes cookies for authentication.
PassMasterFlex+ was written not only to provide an alternative to the Apache login but in
response to numerous requests to have multiple users.

PMF doesn't filter any data in the user's profiles, thus allowing them to embed any XSS code there
to elevate their privileges.
Also upon failed login attempt, data gets written to the "hack-log" but without filtering. It is
possible to embed XSS in a custom user-agent to obtain cookies.

Nomenumbra/[0x4F4C]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version