Macromedia Dreamweaver MX 6.0 – PHP User Authentication Suite Cross-Site Scripting

Macromedia Dreamweaver MX 6.0 – PHP User Authentication Suite Cross-Site Scripting

漏洞ID 1054069 漏洞类型
发布时间 2003-08-04 更新时间 2003-08-04
图片[1]-Macromedia Dreamweaver MX 6.0 – PHP User Authentication Suite Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-Macromedia Dreamweaver MX 6.0 – PHP User Authentication Suite Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22986
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8339/info

It is possible to create an authentication or access control page, using Dreamweaver MX PHP Authentication Suite. This script will generate an error page that contains dynamic content when a user fails to authenticate correctly to the site.

A cross-site-scripting vulnerability has been reported to affect PHP authentication functions used in PHP access control pages created with the Macromedia Dreamweaver MX PHP Authentication Suite.

An attacker may exploit this condition to execute arbitrary HTML code in the browser of an unsuspecting user.

http://www.example.com/[PATH]/[LOGIN PAGE].php?[ACCESS DENIED VARIABLE]
="><script>alert('.::/|NSRG-18-7|//::.');</script>

相关推荐: Open WebMail用户名远程信息泄露漏洞

Open WebMail用户名远程信息泄露漏洞 漏洞ID 1203597 漏洞类型 信息泄露 发布时间 2002-11-23 更新时间 2002-12-31 CVE编号 CVE-2002-2410 CNNVD-ID CNNVD-200212-733 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享