Signature Detail
Short Name |
HTTP:PHP:OPEN-REALITY-XSS-SQLI |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Open-Reality Cross Site Scripting and SQL Injection Vulnerabilities |
Release Date |
2011/07/27 |
Update Number |
1962 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Open-Reality Cross Site Scripting and SQL Injection Vulnerabilities
This signature detects attempts to exploit a known cross site scripting vulnerability in Open-Reality. A remote attacker can exploit this by enticing a target user to open a web page. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the currently logged in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.
Extended Description
Open-Reality is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Open-Reality 3.1.5 is vulnerable; other versions may also be affected.
Affected Products
- Open-Realty 2.3.0
- Open-Realty 2.3.1
- Open-Realty 2.3.4
- Open-Realty 2.4.3
- Open-Realty 2.4.4
- Open-Realty 3.0.3
- Open-Realty 3.0.4
- Open-Realty 3.1.5
References
- BugTraq: 48489