John Beatty Easy PHP照片相册dir参数HTML注入漏洞

John Beatty Easy PHP照片相册dir参数HTML注入漏洞

漏洞ID 1107574 漏洞类型 跨站脚本
发布时间 2003-11-04 更新时间 2005-10-20
图片[1]-John Beatty Easy PHP照片相册dir参数HTML注入漏洞-安全小百科CVE编号 CVE-2003-1146
图片[2]-John Beatty Easy PHP照片相册dir参数HTML注入漏洞-安全小百科CNNVD-ID CNNVD-200305-017
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/23338
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200305-017
|漏洞详情
JohnBeattyEasyPHP照片相册1.0版本存在跨站脚本(XSS)漏洞。远程攻击者可以借助dir参数注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/8977/info

It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir' parameter. This problem is due to insufficient sanitization of user-supplied input.

Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Easy PHP Photo Album version 1.0 has been reported to be vulnerable to this issue, however prior versions may be affected as well. 

http://www.example.com/photos/showimages.php?dir=<iframe%20src="C:"%20width=400%20height=400></iframe>
http://www.example.com//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1>
|参考资料

来源:BID
名称:8977
链接:http://www.securityfocus.com/bid/8977
来源:security.nnov.ru
链接:http://security.nnov.ru/docs5347.html

相关推荐: GoodTech FTP server拒绝服务漏洞

GoodTech FTP server拒绝服务漏洞 漏洞ID 1206340 漏洞类型 未知 发布时间 2000-10-20 更新时间 2005-08-17 CVE编号 CVE-2000-0717 CNNVD-ID CNNVD-200010-030 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享