John Beatty Easy PHP照片相册dir参数HTML注入漏洞

17次阅读
没有评论

John Beatty Easy PHP照片相册dir参数HTML注入漏洞

漏洞ID 1107574 漏洞类型 跨站脚本
发布时间 2003-11-04 更新时间 2005-10-20
John Beatty Easy PHP照片相册dir参数HTML注入漏洞CVE编号 CVE-2003-1146
John Beatty Easy PHP照片相册dir参数HTML注入漏洞CNNVD-ID CNNVD-200305-017
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/23338
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200305-017
|漏洞详情
JohnBeattyEasyPHP照片相册1.0版本存在跨站脚本(XSS)漏洞。远程攻击者可以借助dir参数注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/8977/info

It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir' parameter. This problem is due to insufficient sanitization of user-supplied input.

Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Easy PHP Photo Album version 1.0 has been reported to be vulnerable to this issue, however prior versions may be affected as well. 

http://www.example.com/photos/showimages.php?dir=<iframe%20src="C:"%20width=400%20height=400></iframe>
http://www.example.com//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1>
|参考资料

来源:BID
名称:8977
链接:http://www.securityfocus.com/bid/8977
来源:security.nnov.ru
链接:http://security.nnov.ru/docs5347.html

相关推荐: GoodTech FTP server拒绝服务漏洞

GoodTech FTP server拒绝服务漏洞 漏洞ID 1206340 漏洞类型 未知 发布时间 2000-10-20 更新时间 2005-08-17 CVE编号 CVE-2000-0717 CNNVD-ID CNNVD-200010-030 漏洞平台 …

正文完
 0