phpBugTracker 0.9 – ‘query.php’ Multiple Cross-Site Scripting Vulnerabilities
| 漏洞ID | 1054448 | 漏洞类型 | |
| 发布时间 | 2004-04-15 | 更新时间 | 2004-04-15 |
![图片[1]-phpBugTracker 0.9 – ‘query.php’ Multiple Cross-Site Scripting Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png) CVE编号
|
N/A |
![图片[2]-phpBugTracker 0.9 – ‘query.php’ Multiple Cross-Site Scripting Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png) CNNVD-ID
|
N/A |
| 漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10153/info
Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input.
The SQL injection issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting and HTML injection issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
http://www.example.com/query.php?page=2&order=severity.sort_order&sort=[XSS]
http://www.example.com/query.php?page=2&order=[XSS]
http://www.example.com/query.php?page=[XSS]
http://www.example.com/query.php?op=delquery&queryid=[XSS]&form=simple
http://www.example.com/query.php?projects=[XSS]&op=doquery相关推荐: Simple WAIS Interface Arbitrary Command Execution Vulnerability
Simple WAIS Interface Arbitrary Command Execution Vulnerability 漏洞ID 1101821 漏洞类型 Input Validation Error 发布时间 2002-06-29 更新时间 2002…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛8月前0
kankan啊啊啊啊3年前0
66666666666666