POSH Multiple Vulnerabilities

Summary
POSH is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials, execute SQL commands and obtain sensitive information. Impact Level: Application.
Solution
Upgrade to POSH version 3.3.0 or later. For updates, refer to http://sourceforge.net/projects/posh
Insight
Multiple flaws are due to:
- Input passed via the 'rssurl' parameter to 'addtoapplication.php' and the 'error' parameter to 'login.php' is not properly sanitised before being used.
- The username and the MD5 digest of the password are stored in the cookie.
- Improper validation of the 'redirect' parameter upon submission to the /posh/portal/scr_sendmd5.php script.
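The two design flaws above (credentials kept in the cookie, an unvalidated 'redirect' target) can be avoided as sketched here. This is an added example, not POSH code and not the fix shipped in 3.3.0; the function names, the `sid` cookie name and the `$store` session array are hypothetical.

```php
<?php
// Added illustration, not POSH source. All names here are hypothetical.

// Issue an opaque session token instead of username + md5(password).
// Only a SHA-256 hash of the token is kept server-side, so a leaked
// session table does not yield usable cookie values.
function issue_session(array &$store, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = ['uid' => $userId, 'exp' => time() + $ttl];
    return $token;
}

// Resolve a cookie value to a user id, or null if unknown or expired.
function lookup_session(array $store, string $cookie): ?int
{
    $key = hash('sha256', $cookie);
    if (!isset($store[$key]) || $store[$key]['exp'] < time()) {
        return null;
    }
    return $store[$key]['uid'];
}

// Accept only same-site, path-only redirect targets; fall back otherwise.
function safe_redirect_target(string $redirect, string $default = '/'): string
{
    // Reject control characters, spaces and backslashes, which some
    // browsers drop or treat as "/".
    if ($redirect === '' || preg_match('/[\x00-\x20\\\\]/', $redirect)) {
        return $default;
    }
    // Must start with exactly one "/" ("//host" is scheme-relative).
    if ($redirect[0] !== '/' || substr($redirect, 0, 2) === '//') {
        return $default;
    }
    $parts = parse_url($redirect);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $redirect;
}

// Constructed sample values.
$store  = [];
$cookie = issue_session($store, 42);
// In a real response the token would be sent with:
// setcookie('sid', $cookie, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(lookup_session($store, $cookie));
var_dump(safe_redirect_target('/portal/index.php'));
var_dump(safe_redirect_target('//example.net/'));
```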
Affected
POSH versions before 3.3.0
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to read the cookie.