XGB 1.2 – Remote Form Field Input Validation

XGB 1.2 – Remote Form Field Input Validation

漏洞ID 1053574 漏洞类型
发布时间 2002-04-14 更新时间 2002-04-14
图片[1]-XGB 1.2 – Remote Form Field Input Validation-安全小百科CVE编号 N/A
图片[2]-XGB 1.2 – Remote Form Field Input Validation-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/21382
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/4515/info

xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

xGB does not sufficiently validate input that is supplied via form fields. An attacker may, under some circumstances, exploit this condition to execute arbitrary commands via injection of PHP code into form fields.

First insert this code (<?php echo"delete datafile";?>) into a field like
"Ihr Name", "Ihre eMail", "Homepage-Name" or "Homepage-URL". After that you can see your text you have inserted into the "Text"-Field. Now insert the same code
into the same field as before. Now you get a error-message. If you now
insert a third message the whole datafile is deleted and only the last message is saved in it.

相关推荐: Microsoft Outlook Concealed Attachment Vulnerability

Microsoft Outlook Concealed Attachment Vulnerability 漏洞ID 1103469 漏洞类型 Input Validation Error 发布时间 2001-01-17 更新时间 2001-01-17 CVE编…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享