Speech Internet Enhancer (Betsie) BBC Education Text跨站脚本（XSS）漏洞-安全小百科

Speech Internet Enhancer (Betsie) BBC Education Text跨站脚本（XSS）漏洞

漏洞ID	1106827	漏洞类型	跨站脚本
发布时间	2002-07-01	更新时间	2005-05-02
CVE编号	CVE-2002-1006	CNNVD-ID	CNNVD-200210-190
漏洞平台	CGI	CVSS评分	6.8

|漏洞来源

https://www.exploit-db.com/exploits/21587
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-190

|漏洞详情

SpeechInternetEnhancer(Betsie)1.5.11及其早期版本的BBCEducationText存在跨站脚本（XSS）漏洞。远程攻击者借助parserl.pl执行任意web脚本。

|漏洞EXP

source: http://www.securityfocus.com/bid/5135/info

Betsie (BBC Education Text to Speech Internet Enhancer) is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script.

Attackers may exploit this condition via a malicious link to a site running the vulnerable software. Successful exploitation will enable an attacker to cause script code to be executed in the web browser of a user who visits the malicious link. 

http://server/cgi-bin/betsie/parserl.pl/<script>alert("eek!")</script>

|参考资料

来源:BID
名称:5135
链接:http://www.securityfocus.com/bid/5135
来源:XF
名称:betsie-parserl-xss(9468)
链接:http://www.iss.net/security_center/static/9468.php
来源:www.bbc.co.uk
链接:http://www.bbc.co.uk/education/betsie/parser.pl.txt
来源:BUGTRAQ
名称:20020701PTL-2002-03BetsieXSSVuln
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html

相关推荐: Caldera IDENT daemon Denial of Service Vulnerability

Caldera IDENT daemon Denial of Service Vulnerability 漏洞ID 1104563 漏洞类型 Boundary Condition Error 发布时间 1999-10-08 更新时间 1999-10-08 CV…

文章版权归作者所有，未经允许请勿转载。

THE END