Hosting Controller Error.ASP跨站脚本漏洞

Hosting Controller Error.ASP跨站脚本漏洞

漏洞ID 1108898 漏洞类型 跨站脚本
发布时间 2005-06-28 更新时间 2005-10-20
图片[1]-Hosting Controller Error.ASP跨站脚本漏洞-安全小百科CVE编号 CVE-2005-2077
图片[2]-Hosting Controller Error.ASP跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200506-225
漏洞平台 ASP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/25913
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-225
|漏洞详情
HostingController的error.asp脚本存在跨站脚本攻击(XSS)漏洞,远程攻击者可借助错误参数注入任意Web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/14080/info

Hosting Controller is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'error.asp' script.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/admin/hosting/error.asp?error=Xss vul
|参考资料

来源:BID
名称:14080
链接:http://www.securityfocus.com/bid/14080
来源:BUGTRAQ
名称:20051215BuginHC
链接:http://www.securityfocus.com/archive/1/archive/1/419597/100/0/threaded
来源:SECTRACK
名称:1016456
链接:http://securitytracker.com/id?1016456
来源:BUGTRAQ
名称:20050628Cross-SiteScripting(CSS)inHostingControllerAllVersionandhotfixithehe;)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111997456519685&w;=2

相关推荐: PHPNuke Multiple Script Code Filtering Vulnerabilities

PHPNuke Multiple Script Code Filtering Vulnerabilities 漏洞ID 1101382 漏洞类型 Input Validation Error 发布时间 2002-10-11 更新时间 2002-10-11 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享