OpenAutoClassifieds Listing Parameter Cross-Site Scripting (XSS) Vulnerability

Vulnerability ID 1107575 Vulnerability type Cross-site scripting
Published 2003-11-04 Updated 2005-10-20
CVE ID CVE-2003-1145
CNNVD ID CNNVD-200311-024
Platform PHP CVSS score 6.8
|Vulnerability source
https://www.exploit-db.com/exploits/23336
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200311-024
|Vulnerability details
A cross-site scripting (XSS) vulnerability exists in friendmail.php in OpenAutoClassifieds 1.0. Remote attackers can inject arbitrary web script or HTML via the listing parameter.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/8972/info

It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of user-supplied data through the 'listings' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

OpenAutoClassifieds version 1.0 is reported to be prone to this issue, however other versions may be affected as well.

http://www.example.com/openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
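The page does not show the source of friendmail.php, so the following is an added, hypothetical reconstruction of the bug class (not OpenAutoClassifieds' own code): a "send to a friend" form that reflects the `listing` query parameter unescaped, beside a hardened version that validates the ID as numeric and HTML-encodes anything it echoes. The function names and form markup are assumptions.

```php
<?php
// Hypothetical illustration of the advisory's bug class; not the real friendmail.php.

// VULNERABLE: the raw query-string value is concatenated straight into the
// HTML response, inside an attribute and again in the page body.
function render_form_vulnerable(array $get): string
{
    $listing = $get['listing'] ?? '';
    return '<form method="post" action="friendmail.php">'
         . '<input type="hidden" name="listing" value="' . $listing . '">'
         . '<p>Send listing ' . $listing . ' to a friend</p>'
         . '</form>';
}

// HARDENED: a listing ID is an integer, so reject anything else before use,
// and still HTML-encode the reflected value (defence in depth: encoding is
// what stops markup from being interpreted even if validation is loosened).
function render_form_hardened(array $get): string
{
    $raw = $get['listing'] ?? '';
    if (!ctype_digit($raw)) {
        // In a real handler this would also send an HTTP 400.
        return '<p>Invalid listing id.</p>';
    }
    $listing = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="friendmail.php">'
         . '<input type="hidden" name="listing" value="' . $listing . '">'
         . '<p>Send listing ' . $listing . ' to a friend</p>'
         . '</form>';
}

// Constructed input mirroring the advisory's proof-of-concept value.
$probe = ['listing' => '<script>alert(document.domain);</script>'];

echo render_form_vulnerable($probe), PHP_EOL;          // script tag emitted verbatim
echo render_form_hardened($probe), PHP_EOL;            // rejected: not a numeric id
echo render_form_hardened(['listing' => '42']), PHP_EOL; // normal case still works
```

Run with `php file.php` and compare the two outputs for the probe: the vulnerable variant emits the `<script>` element intact into the body, while the hardened one never reaches the template.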
|References

Source: XF
Name: openautoclassifieds-friendmail-xss(13604)
Link: http://xforce.iss.net/xforce/xfdb/13604
Source: BID
Name: 8972
Link: http://www.securityfocus.com/bid/8972
Source: BUGTRAQ
Name: 20031107 OpenAutoClassifieds XSS attack
Link: http://www.securityfocus.com/archive/1/343806
Source: OSVDB
Name: 2767
Link: http://www.osvdb.org/2767
Source: SECUNIA
Name: 10138
Link: http://secunia.com/advisories/10138
