CVE-2008-1208

Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1208. PoCs published by Henri Lindberg.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Check Point VPN-1 UTM Edge by injecting a malicious script via the 'user' parameter in a form submission. The script is executed in the context of the affected site when the form is auto-submitted on page load.

Description

Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Henri Lindberg · htmlremotehardware

https://www.exploit-db.com/exploits/31340

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Check Point VPN-1 UTM Edge by injecting a malicious script via the 'user' parameter in a form submission. The script is executed in the context of the affected site when the form is auto-submitted on page load.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Check Point VPN-1 UTM Edge firmware 7.0.48x

No auth needed

Prerequisites: Victim must visit the malicious HTML page · Target must be running vulnerable Check Point VPN-1 UTM Edge firmware

MITRE ATT&CK