Mambo Open Source index.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1107821
Vulnerability type: Cross-site scripting
Published: 2004-03-16
Updated: 2005-10-20
CVE ID: CVE-2004-1825
CNNVD-ID: CNNVD-200403-083
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/23824
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-083
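|Vulnerability details
The index.php script in Mambo Open Source 4.5 stable 1.0.3 and earlier is vulnerable to cross-site scripting (XSS). A remote attacker can inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameter.
|Exploit (EXP)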
source: http://www.securityfocus.com/bid/9890/info

It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.

http://www.example.com/index.php?return=[XSS]
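
A defender can look for this pattern in web server access logs. The following is an added example, not part of the original advisory or of Mambo: it flags requests to index.php whose `return` or `mos_change_template` value decodes to markup. The log format, the sample lines and the matching heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory text for CVE-2004-1825.
WATCHED_PARAMS = {"return", "mos_change_template"}
# Assumed heuristic: markup characters or a script URL scheme in these values.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)
# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_layers(value, extra_rounds=2):
    """Undo nested percent-encoding (parse_qsl already removed one layer)."""
    for _ in range(extra_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return [(param, decoded_value)] for suspicious watched parameters."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/index.php"):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = decode_layers(value)
        if name in WATCHED_PARAMS and SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2004:10:00:01 +0000] "GET /index.php?option=content&Itemid=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Mar/2004:10:02:13 +0000] "GET /index.php?return=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5310',
    '192.0.2.44 - - [16/Mar/2004:10:02:40 +0000] "GET /index.php?mos_change_template=%2522%253E%253Cb%253E HTTP/1.1" 200 5290',
    '192.0.2.71 - - [16/Mar/2004:10:05:09 +0000] "GET /index.php?return=index.php%3Foption%3Dcontent HTTP/1.1" 200 5100',
]

def scan(lines):
    """Return [(line_number, param, decoded_value)] across all log lines."""
    return [(n, p, v) for n, line in enumerate(lines, 1) for p, v in flag_line(line)]

if __name__ == "__main__":
    for line_no, param, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: {param}={value!r}")
```

Access logs record only the query string, so values sent in a POST body are not visible to this check.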
|References

Source: OSVDB
Name: 4665
Link: http://www.osvdb.org/4665
Source: SECUNIA
Name: 11140
Link: http://secunia.com/advisories/11140
Source: BUGTRAQ
Name: 20040316 Mambo Open Source Multiple Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107945576020593&w=2
Source: XF
Name: mambo-return-moschangetemplate-xss(15499)
Link: http://xforce.iss.net/xforce/xfdb/15499
Source: BID
Name: 9890
Link: http://www.securityfocus.com/bid/9890
Source: OSVDB
Name: 4308
Link: http://www.osvdb.org/4308
