Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting

21次阅读
没有评论

Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting

漏洞ID 1053931 漏洞类型
发布时间 2003-06-04 更新时间 2003-06-04
Mailtraq 2.2 - 'Browse.asp' Cross-Site ScriptingCVE编号 N/A
Mailtraq 2.2 - 'Browse.asp' Cross-Site ScriptingCNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22730
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7813/info

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.

An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link. 

http://www.example.org/browse.asp?<script>alert(document.cookie)</script>

相关推荐: Excite for Web Servers (EWS)权限提升漏洞

Excite for Web Servers (EWS)权限提升漏洞 漏洞ID 1207254 漏洞类型 未知 发布时间 1998-11-30 更新时间 1998-11-30 CVE编号 CVE-1999-1072 CNNVD-ID CNNVD-199811-…

正文完
 0