Menu

Search for hundreds of thousands of exploits

"BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation"

Author

Exploit author

"Corsaire Limited"

Platform

Exploit platform

cgi

Release date

Exploit published date

2003-10-30

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
source: https://www.securityfocus.com/bid/8931/info

A vulnerability has reported to exist in BEA Tuxedo and WebLogic Enterprise due to Tuxedo administration console. The script is reported to accept various initialization arguments such as INIFILE that are not properly sanitized for user-supplied input. This issue may allow an attacker to carry out attacks such as denial of service, file disclosure, and cross-site scripting.

An attacker may be able to determine the existence of a file outside the web server root by supplying passing various path values for INIFILE.

A denial of service condition could be caused in the software by providing a device name such as CON, AUX, COM1, COM2 instead of a valid file name as one of the arguments for INIFILE. This may cause the service to crash or hang.

A cross-site scripting vulnerability has also been reported to exist in the software due to insufficient santization of user-supplied input to INIFILE. This problem presents itself when an invalid file name is supplied as an argument for INIFILE. This vulnerability could be exploited to steal cookie-based credentials. Other attacks are possible as well. 

http://www.example.com/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=<script>alert('XSS')</script>
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-19 "Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection" webapps cgi "Gabriele Zuddas"
2020-10-29 "Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)" webapps cgi "Valerio Alessandroni"
2020-04-23 "Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)" webapps cgi "Dhiraj Mishra"
2020-04-10 "Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal" webapps cgi "Basim Alabdullah"
2020-03-30 "Zen Load Balancer 3.10.1 - Remote Code Execution" webapps cgi "Cody Sixteen"
2020-02-11 "CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting" webapps cgi Luca.Chiou
2019-09-09 "Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure" webapps cgi LiquidWorm
2019-07-12 "Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution" webapps cgi "Chris Lyne"
2019-02-18 "Master IP CAM 01 3.3.4.2103 - Remote Command Execution" webapps cgi "Raffaele Sabato"
2019-02-11 "IPFire 2.21 - Cross-Site Scripting" webapps cgi "Ozer Goker"
Release Date Title Type Platform Author
2004-03-10 "Apple Safari 1.x - Cookie Directory Traversal" remote osx "Corsaire Limited"
2003-10-31 "BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting" webapps jsp "Corsaire Limited"
2003-10-30 "BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation" remote cgi "Corsaire Limited" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected