41581 : SiteBar command.php forward Variable Arbitrary Site Redirect
Printer | http://osvdb.org/41581 | Email This | Edit Vulnerability

Views This Week

Views All Time

395

Info

Last Modified

about 1 year ago

Percent Complete

25%

Disclosure

Oct 18, 2007

Discovery

Unknown

Dates

Exploit

Oct 18, 2007

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

Description

(Description Provided by CVE) : Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Exploit: Exploit Available
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Products

Unknown or Incomplete

References

CVE ID: 2007-5695 (see also: NVD)
Bugtraq ID: 26126
Secunia Advisory ID: 27503 28008
FrSIRT Advisory: ADV-2007-3768
Other Advisory URL: http://securityreason.com/securityalert/3318
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view= ......
http://www.debian.org/security/2007/dsa-1423
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml

Tools & Filters

Nessus	29258

Manual Testing Notes

Credit