Sphinix Mobile Web Server Multiple Persistence XSS Vulnerabilities

  • Post author:
  • Reading time:1 mins read

SecPod Research Team member (Prabhu S Angadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Sphinix Mobile Web Server Blog. The vulnerability is caused by improper validation of “comment” parameter in “/Blog/MyFirstBlog.txt” and “/Blog/AboutSomething.txt” pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info : CVE-2012-1005

Welcome any feedback or suggestion.

SecPod Research Team

Share this article