phpLinkat Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1107024
Vulnerability type: Cross-site scripting
Published: 2002-10-04
Updated: 2002-12-31
CVE ID: CVE-2002-2321
CNNVD-ID: CNNVD-200212-792
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/21906
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-792
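|Vulnerability details
Cross-site scripting (XSS) vulnerabilities exist in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0. A remote attacker can inject arbitrary web script or HTML via the catid parameter.
|Exploit (EXP)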
source: http://www.securityfocus.com/bid/5890/info

Reportedly, phpLinkat is prone to cross-site scripting attacks.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting phpLinkat.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

http://target/showcat.php?catid=<Script>JavaScript:alert('test');</Script>

http://target/addyoursite.php?catid=<Script>JavaScript:alert('test');</Script>
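
To check whether either script has received markup in catid, a defender can scan the web server access log. The following is an added example, not part of the original advisory or of phpLinkat; the combined-style log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

AFFECTED = {"showcat.php", "addyoursite.php"}  # scripts named in the advisory
PARAM = "catid"                                # parameter named in the advisory
MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)
# Assumption: NCSA/combined-style access log with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2002:10:00:01 +0000] "GET /showcat.php?catid=3 HTTP/1.0" 200 2310',
    '192.0.2.44 - - [04/Oct/2002:10:02:17 +0000] "GET /showcat.php?catid=%3CScript%3EJavaScript:alert(%27test%27);%3C/Script%3E HTTP/1.0" 200 2398',
    '192.0.2.44 - - [04/Oct/2002:10:02:40 +0000] "GET /addyoursite.php?catid=%253Cb%253Ex HTTP/1.0" 200 1877',
    '192.0.2.10 - - [04/Oct/2002:10:03:02 +0000] "GET /index.php?catid=%3Cb%3E HTTP/1.0" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), with a bound."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_catid(log_line):
    """Return the decoded catid if an affected script got markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in AFFECTED:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged line."""
    found = ((i, suspicious_catid(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in found if v is not None]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: catid={value!r}")
```

The third sample line shows why the value is decoded more than once: a double-encoded `%253C` only becomes `<` on the second pass.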
|References

Source: BID
Name: 5890
Link: http://www.securityfocus.com/bid/5890
Source: XF
Name: phplinkat-url-showcat-xss(10269)
Link: http://www.iss.net/security_center/static/10269.php
Source: BUGTRAQ
Name: 20021003 phpLinkat XSS Security Bug
Link: http://archives.neohapsis.com/archives/bugtraq/2002-10/0065.html
