Synkron.Web 3.0 – HTML Injection

23次阅读
没有评论

Synkron.Web 3.0 – HTML Injection

漏洞ID 1053945 漏洞类型
发布时间 2003-06-06 更新时间 2003-06-06
Synkron.Web 3.0 - HTML InjectionCVE编号 N/A
Synkron.Web 3.0 - HTML InjectionCNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22744
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7833/info

Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code may be echoed back when an existing user is views a cached search page.

Exploitation could allow for attacks that steal cookie-based authentication credentials.

http://www.example.net/sw000.asp?SearchCacheId=xx
&SearchPageNumberII=1&SearchParaId=y&SearchParaType=zzz

相关推荐: PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability

PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability 漏洞ID 1102250 漏洞类型 Design Error 发布时间 2002-04-23 更新时间 2002…

正文完
 0