Authoria HR Suite AthCGI.EXE 跨站脚本漏洞

Authoria HR Suite AthCGI.EXE 跨站脚本漏洞

漏洞ID 1107033 漏洞类型 跨站脚本
发布时间 2002-10-09 更新时间 2002-12-31
图片[1]-Authoria HR Suite AthCGI.EXE 跨站脚本漏洞-安全小百科CVE编号 CVE-2002-2348
图片[2]-Authoria HR Suite AthCGI.EXE 跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200212-661
漏洞平台 CGI CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/21926
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-661
|漏洞详情
AuthoriaHR的athcgi.exe存在跨站脚本(XSS)漏洞。远程攻击者借助command参数注入任意web脚本或者HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/5932/info

Authoria HR Suite is prone to cross-site scripting attacks.

An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site.

https://www.example.com/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('test!');a=[['
|参考资料

来源:BID
名称:5932
链接:http://www.securityfocus.com/bid/5932
来源:BUGTRAQ
名称:20021009XSSinAuthoriaHRSuite
链接:http://www.securityfocus.com/archive/1/294624
来源:XF
名称:authoria-hr-athcgi-xss(10324)
链接:http://www.iss.net/security_center/static/10324.php

相关推荐: CBOS漏洞

CBOS漏洞 漏洞ID 1205938 漏洞类型 未知 发布时间 2001-02-16 更新时间 2001-02-16 CVE编号 CVE-2001-0057 CNNVD-ID CNNVD-200102-092 漏洞平台 N/A CVSS评分 5.0 |漏洞来…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享