Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting

Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting

漏洞ID 1053931 漏洞类型
发布时间 2003-06-04 更新时间 2003-06-04
图片[1]-Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22730
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7813/info

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.

An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link. 

http://www.example.org/browse.asp?<script>alert(document.cookie)</script>

相关推荐: Excite for Web Servers (EWS)权限提升漏洞

Excite for Web Servers (EWS)权限提升漏洞 漏洞ID 1207254 漏洞类型 未知 发布时间 1998-11-30 更新时间 1998-11-30 CVE编号 CVE-1999-1072 CNNVD-ID CNNVD-199811-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享