This host is running mooSocial and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary HTML or script code in a user's browser session and obtain potentially sensitive information to execute arbitrary local scripts in the context of the webserver. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Multiple flaws are due to, - Input passed via HTTP GET request is used in '$path' variable is not properly validating '../'(dot dot) sequences with null byte (%00) at the end. - Input passed via 'onerror' and 'onmouseover' parameters are not properly sanitised before being returned to the user.

mooSocial version 1.3, other versions may also be affected.

Send a crafted data via HTTP GET request and check whether it is able to read the cookie or not.

• http://1337day.com/exploit/21160
• http://cxsecurity.com/issue/WLB-2013080192
• http://www.exploit-db.com/exploits/27871

---

Updated on 2017-03-28