NPDS News Message HTML注入漏洞

21次阅读
没有评论

NPDS News Message HTML注入漏洞

漏洞ID 1106998 漏洞类型 跨站脚本
发布时间 2002-09-25 更新时间 2005-10-20
NPDS News Message HTML注入漏洞CVE编号 CVE-2002-1804
NPDS News Message HTML注入漏洞CNNVD-ID CNNVD-200212-390
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/21860
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-390
|漏洞详情
NPDS4.8存在跨站脚本攻击(XSS)漏洞。远程攻击者可以借助IMG标签中的Javascript注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/5797/info

Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client.

NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains malicious HTML code, the code contained in the posted message would be executed in the browser of the vulnerable user. This will occur in the context of the site running the NPDS software.

<IMG SRC="javascript:alert('unsecure')">
|参考资料

来源:BID
名称:5797
链接:http://www.securityfocus.com/bid/5797
来源:XF
名称:cms-news-image-xss(10173)
链接:http://www.iss.net/security_center/static/10173.php
来源:BUGTRAQ
名称:20020924ECHUAlert#2:IMGAttackinthenews:6CMSvulnerables
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html

相关推荐: FoxWeb PATH_INFO Remote Buffer Overrun Vulnerability

FoxWeb PATH_INFO Remote Buffer Overrun Vulnerability 漏洞ID 1099611 漏洞类型 Boundary Condition Error 发布时间 2003-09-05 更新时间 2003-09-05 CV…

正文完
 0