Mldonkey Web Interface Error Message Cross-Site Scripting Vulnerability

Vulnerability ID: 1107557 Vulnerability type: Cross-site scripting
Published: 2003-10-31 Updated: 2005-10-20
CVE ID: CVE-2003-1164
CNNVD-ID: CNNVD-200312-117
Platform: Multiple CVSS score: 4.3
|Source
https://www.exploit-db.com/exploits/23320
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-117
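|Vulnerability Details
Mldonkey version 2.5-4 contains a cross-site scripting (XSS) vulnerability. A remote attacker can use the URI to inject arbitrary web script or HTML, which is then included in the HTML error page.
|Exploit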
source: http://www.securityfocus.com/bid/8946/info

It has been reported that the Mldonkey web interface is prone to cross-site scripting attacks when reporting errors. The problem occurs due to insufficient sanitization of script code within requests. This could potentially allow an attacker to carry out a variety of attacks on a user.

http://127.0.0.1:4080/<script>...</script>
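
The defence against this class of bug is to HTML-encode the requested URI at the point where it is written into the error page. The sketch below is an added example, not Mldonkey's code and not part of the original advisory; the handler functions, the page template and the inert probe string are hypothetical stand-ins constructed for illustration.

```python
import html
from urllib.parse import quote, unquote

# Constructed, inert marker carrying the characters that matter: < > " '
PROBE = "<i title=\"probe\" id='p1'>"

# Hypothetical error-page template (assumption, not Mldonkey's markup).
TEMPLATE = "<html><body><h1>404 Not Found</h1><p>No such page: {}</p></body></html>"


def error_page_unsafe(raw_path: str) -> str:
    """Handler with the flaw described above: the decoded URI is copied
    into the HTML error page without any encoding."""
    return TEMPLATE.format(unquote(raw_path))


def error_page_safe(raw_path: str) -> str:
    """Hardened form: decode first, then HTML-encode at the point of output,
    so markup in the URI is rendered as text."""
    return TEMPLATE.format(html.escape(unquote(raw_path), quote=True))


def reflects_raw_markup(render) -> bool:
    """Regression check: True if the renderer echoes markup from the path
    unencoded. The probe is tried literally and percent-encoded, since
    clients may encode '<' and '>' before sending the request."""
    for path in ("/" + PROBE, "/" + quote(PROBE, safe="")):
        if PROBE in render(path):
            return True
    return False


if __name__ == "__main__":
    print("unsafe handler reflects markup:", reflects_raw_markup(error_page_unsafe))
    print("safe handler reflects markup:  ", reflects_raw_markup(error_page_safe))
```

The same check can be kept as a unit test around any error-page renderer so that a later template change cannot reintroduce the unencoded reflection.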
|References

Source: SECUNIA
Name: 10134
Link: http://secunia.com/advisories/10134
Source: XF
Name: mldonkey-xss(13615)
Link: http://xforce.iss.net/xforce/xfdb/13615
Source: BID
Name: 8946
Link: http://www.securityfocus.com/bid/8946
Source: FULLDISC
Name: 20031031XSSInmldonkey-But….
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/013070.html
