Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hotspot Shield 安全漏洞
Vulnerability Description
Hotspot Shield是一套用于访问免费和开放网络的VPN软件。 Hotspot Shield中存在安全漏洞,该漏洞源于程序没有充分的过滤用户的输入。攻击者可通过向/status.js文件发送带有func=$_APPLOG.Rfunc参数的POST请求利用该漏洞提取敏感信息,包括:用户是否连接VPN,用户连接哪个VPN及用户真实的IP地址。
CVSS Information
N/A
Vulnerability Type
N/A