Faq-O-Matic跨站脚本执行漏洞

Faq-O-Matic跨站脚本执行漏洞

漏洞ID 1106694 漏洞类型 输入验证
发布时间 2002-04-20 更新时间 2005-10-20
图片[1]-Faq-O-Matic跨站脚本执行漏洞-安全小百科CVE编号 CVE-2002-2011
图片[2]-Faq-O-Matic跨站脚本执行漏洞-安全小百科CNNVD-ID CNNVD-200212-287
漏洞平台 CGI CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/21405
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-287
|漏洞详情
Faq-O-Matic是一款基于WEB的FAQ管理系统,可运行在多种Linux和Unix操作系统下。Faq-O-Matic对用户提交给URL的数据没有正确充分的处理,导致攻击者可以进行跨站脚本攻击。Faq-O-Maticde中的fom.cgi脚本没有正确检查用户提交给”file”参数的内容,如果”file”参数的内容不存在,脚本就会把错误信息打印成HTML形式,攻击者可以在”file”参数中插入恶意脚本代码,当其他用户查看此连接时,就可以导致其中的脚本代码在用户浏览器上执行,导致基于Cookie认证的信息被泄露等问题。
|漏洞EXP
source: http://www.securityfocus.com/bid/4565/info

Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question (FAQ) management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script as an error message which is then processed by the browser. This is done by submitting the script as an argument to the Faq-O-Matic component "fom.cgi" - specifically, to the "file" parameter. This script is then treated by the user's browser as though it originated from the Faq-O-Matic web site.

http://www.wherever.tld/path_to_Faq-O-Matic/fom?file=<script>alert('If+this+script+was+modified,+it+could+easily+steal+amigadev.net+cookies+and+log+them+to+a+remote+location')</script>&step
|参考资料

来源:BID
名称:4565
链接:http://www.securityfocus.com/bid/4565
来源:XF
名称:faqomatic-cgi-file-css(8906)
链接:http://www.iss.net/security_center/static/8906.php
来源:BUGTRAQ
名称:20020419AnotherFaq-O-MaticXSSVuln?
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0287.html
来源:NSFOCUS
名称:2638
链接:http://www.nsfocus.net/vulndb/2638

相关推荐: Univ. of Washington pop2d Buffer Overflow Vulnerability

Univ. of Washington pop2d Buffer Overflow Vulnerability 漏洞ID 1104770 漏洞类型 Boundary Condition Error 发布时间 1999-05-26 更新时间 1999-05-26…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享