Divine Content Server 5.0 – Error Page Cross-Site Scripting

15次阅读
没有评论

Divine Content Server 5.0 – Error Page Cross-Site Scripting

漏洞ID 1054209 漏洞类型
发布时间 2003-10-03 更新时间 2003-10-03
Divine Content Server 5.0 - Error Page Cross-Site ScriptingCVE编号 N/A
Divine Content Server 5.0 - Error Page Cross-Site ScriptingCNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23217
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8763/info

It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the 'pagename' attribute in the error page of the software. This issue may allow a remote attacker to execute HTML or script code in user's browser.

Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks may well be possible.

Divine Content Server version 5.0 may be vulnerable to this issue, however this information cannot be confirmed at the moment. 

http://www.example.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>

相关推荐: Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability

Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability 漏洞ID 1103273 漏洞类型 Boundary Condition Error 发布时间 2001-05-0…

正文完
 0