HTTP: Open-Reality Cross Site Scripting and SQL Injection Vulnerabilities

This signature detects attempts to exploit a known cross-site scripting vulnerability in Open-Realty. A remote attacker can exploit this by enticing a target user to open a web page. In a successful code injection attack, the behavior of the target host depends entirely on the intended function of the injected code, which executes within the security context of the currently logged-in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.

Extended Description

Open-Realty is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Open-Realty 3.1.5 is vulnerable; other versions may also be affected.

Affected Products

Open-realty open-realty

References

BugTraq: 48489

Short Name
HTTP:PHP:OPEN-REALITY-XSS-SQLI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Cross Injection Open-Reality SQL Scripting Site Vulnerabilities and bid:48489
Release Date
07/27/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3656
False Positive
Unknown
Vendors

Open-realty
