acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS

2007.11.01
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Product Information acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description The proxy server may generate an error message if given a host that it cannot reach, or some other exceptional condition. The error page generated during this process does not have any input validation, and is vulnerable to cross-site scripting. This allows an attacker to inject code as *any site* the victim can visit, because this problem is in the proxy, and not a specific site. Impact This vulnerability is significantly more dangerous than any site-specific flaw, as it can be exploited to read content from any domain, instead of the limited scope of a typical cross-site scripting flaw, where the site that is flawed is the only site that can be impacted. Exploit http://www.hotmail.com:41997/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SC RIPT %3E/ If a vulnerable proxy is being run, script execution begins. I've also found bizarre crash behavior within acfp. When it accesses www.hotmail.com it crashes for some reason that I have yet to isolate. I believe that this may have something to do with empty entities in responses. Any ideas?


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top