Published on April 15th, 2010

Apache OFBiz: Exploiting Cross-site Scripting Vulnerabilities



[CVE-2010-0432]
http://www.bonsai-sec.com/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php

This vulnerability can be exploited to force a logged-in Administrator
to run arbitrary SQL commands or create a new user with Full Privileges.

You can find customized XSS PoC payloads here:

http://www.bonsai-sec.com/en/research/vulnerabilities/create-user-xss-payload.js
http://www.bonsai-sec.com/en/research/vulnerabilities/sql-exec-xss-payload.js

Lucas Apa from Bonsai Information Security
www.bonsai-sec.com/
