Web Chat Manager 2.0 – HTML Code Injection

Web Chat Manager 2.0 – HTML Code Injection

漏洞ID 1053788 漏洞类型
发布时间 2003-03-25 更新时间 2003-03-25
图片[1]-Web Chat Manager 2.0 – HTML Code Injection-安全小百科CVE编号 N/A
图片[2]-Web Chat Manager 2.0 – HTML Code Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22421
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7190/info

It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. 

As a result of this insufficiency an attacker may embed HTML code via a HTML form field or URI parameter of the Web Chat Manager user registration page.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

http://<target>/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20
("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>

相关推荐: NetScreen ScreenOS Loss of Configuration Vulnerability

NetScreen ScreenOS Loss of Configuration Vulnerability 漏洞ID 1100737 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2003-03-07 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享