Similar Searches

Related News

Latest News

CIA website brought down – were Anonymous attackers responsible?

Dutch ISP KPN hacked, credentials and personal information leaked

Valentine’s Day Cyber Scams that Will Play with Your Heart

Strong Authentication by Itself is Not Enough to Prevent Man-in-the-Browser Attacks

How Criminals Capitalize On Our Digital Lives

Exploiting a Cross Site Scripting vulnerability in Mambo CMS

In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner.
This vulnerability is affecting a POST parameter in the Mambo CMS administration interface.  The attacker prepares a custom web page, which when the victim visits it, a form will be automatically submitted in the background, thus exploiting the vulnerability.  The form is hidden from the user in an iframe tag.
Once the victim, in this case a Mambo administrator visits this page, his cookie details are logged into a file, which the attacker can use to gain access to the Mambo CMS administration interface. Watch the full video for more in-depth details.

Click here for high resolution version.
Subscribe to the Acunetix YouTube channel to be automatically notified when new web security and Acunetix WVS videos are uploaded.

Source: Acunetix Web Application Security Blog

Write a Comment

Copyright © 2012 The Security Blog. All rights reserved.