Synkron.Web 3.0 – HTML Injection

Synkron.Web 3.0 – HTML Injection

漏洞ID 1053945 漏洞类型
发布时间 2003-06-06 更新时间 2003-06-06
图片[1]-Synkron.Web 3.0 – HTML Injection-安全小百科CVE编号 N/A
图片[2]-Synkron.Web 3.0 – HTML Injection-安全小百科CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22744
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7833/info

Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code may be echoed back when an existing user is views a cached search page.

Exploitation could allow for attacks that steal cookie-based authentication credentials.

http://www.example.net/sw000.asp?SearchCacheId=xx
&SearchPageNumberII=1&SearchParaId=y&SearchParaType=zzz

相关推荐: PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability

PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability 漏洞ID 1102250 漏洞类型 Design Error 发布时间 2002-04-23 更新时间 2002…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享