NOCC Webmail Script Injection Vulnerability


Vulnerability ID 1106722 Vulnerability type Cross-site scripting
Published 2002-05-14 Updated 2002-12-31
CVE ID CVE-2002-2343
CNNVD-ID CNNVD-200212-125
Platform PHP CVSS score 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/21449
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-125
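|Vulnerability details
NOCC versions 0.9 through 0.9.5 contain a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML by means of an e-mail message.
|Exploit (EXP)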
source: http://www.securityfocus.com/bid/4740/info

NOCC is a web based email client implemented in PHP4. It includes support for POP3, SMTP and IMAP servers, MIME attachments and multiple languages.

A script injection issue has been reported with the way emails are displayed to users of NOCC webmail. A malicious attacker can include script code in an email and potentially get full access to a victim's mailbox. 

<script>alert(document.cookie)</script>

This will show the victim's session id.
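
An added defensive example, not NOCC's own code: one way a PHP webmail view can render message fields so that markup such as the test string above is shown as text, with the session cookie marked HttpOnly so page script cannot read it through `document.cookie`. The names `h` and `render_message` and the sample message are hypothetical and constructed for illustration; the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode untrusted mail text for an HTML body context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical view function: renders a text/plain message as HTML.
// Every field taken from the e-mail is treated as attacker-controlled.
function render_message(array $msg): string
{
    $rows = '';
    foreach (['From', 'Subject', 'Date'] as $name) {
        $rows .= '<tr><th>' . h($name) . '</th><td>'
               . h($msg['headers'][$name] ?? '') . "</td></tr>\n";
    }
    // Encode first, then add <br> for line breaks; the reverse order
    // would encode the <br> tags as well.
    $body = nl2br(h($msg['body'] ?? ''));
    return "<table>\n$rows</table>\n<div class=\"mail-body\">$body</div>\n";
}

// Applies only when served over HTTP, before any output is sent.
if (PHP_SAPI !== 'cli') {
    // HttpOnly keeps the session id out of document.cookie.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
    // A policy without 'unsafe-inline' blocks inline <script> as a second
    // layer in case an encoding call is missed somewhere.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Constructed sample message carrying the test string in subject and body.
$sample = [
    'headers' => [
        'From'    => 'sender@example.test',
        'Subject' => '<script>alert(document.cookie)</script>',
        'Date'    => 'Tue, 14 May 2002 10:00:00 +0000',
    ],
    'body' => "Hello,\n<script>alert(document.cookie)</script>\n",
];

echo render_message($sample);
```

In the output the angle brackets appear as `&lt;` and `&gt;`, so the browser displays the string instead of executing it.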
|References

Source: BID
Name: 4740
Link: http://www.securityfocus.com/bid/4740
Source: XF
Name: nocc-webmail-css(9071)
Link: http://www.iss.net/security_center/static/9071.php
Source: sourceforge.net
Link: http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177
Source: BUGTRAQ
Name: 20020514 NOCC: cross-site-scripting bug
Link: http://archives.neohapsis.com/archives/bugtraq/2002-05/0107.html
