MPM Guestbook Cross-Site Scripting (XSS) Vulnerability

Vulnerability ID: 1107569
Vulnerability type: Cross-site scripting
Published: 2003-11-03
Updated: 2005-10-20
CVE ID: CVE-2003-1182
CNNVD-ID: CNNVD-200311-019
Platform: CGI
CVSS score: 6.8
|Vulnerability source
https://www.exploit-db.com/exploits/23332
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200311-019
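|Vulnerability details
MPM Guestbook version 1.2 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the lng parameter.
|Exploit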
source: http://www.securityfocus.com/bid/8958/info

MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software.

An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks. 

http://www.example.com/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
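The reflection pattern described above, next to a hardened form, as an added example that is not MPM Guestbook's own code and not part of the advisory. The link markup that echoes `lng`, the language allowlist and all function names are assumptions made for illustration; the request URL is the one quoted above.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Assumption: the language codes the guestbook actually ships with.
ALLOWED_LANGS = {"en", "de", "fr"}
DEFAULT_LANG = "en"

# Request URL quoted in the advisory text above.
ADVISORY_URL = ("http://www.example.com/guestbook/?number=5"
                "&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E")


def get_lng(url):
    """Return the URL-decoded lng query parameter, or '' if it is absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("lng", [""])[0]


def render_vulnerable(url):
    """Echoes lng verbatim into the page: the flaw the advisory describes."""
    return '<a href="?lng=%s">next page</a>' % get_lng(url)


def render_hardened(url):
    """Allowlist the value first, then escape it for the attribute context."""
    lng = get_lng(url)
    if lng not in ALLOWED_LANGS:
        lng = DEFAULT_LANG  # unknown value: fall back, never echo it
    # Escaping is kept after the allowlist as defence in depth.
    return '<a href="?lng=%s">next page</a>' % html.escape(lng, quote=True)


def escape_only(url):
    """Output encoding alone, for views that must display the raw value."""
    return html.escape(get_lng(url), quote=True)


if __name__ == "__main__":
    print(render_vulnerable(ADVISORY_URL))  # markup reaches the page intact
    print(render_hardened(ADVISORY_URL))    # falls back to the default language
    print(escape_only(ADVISORY_URL))        # metacharacters become entities
```

A parameter that only selects from a fixed set, such as a language code, is best validated against that set; output encoding covers the fields where free text must be shown.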
|References

Source: XF
Name: mpmguestbook-ing-xss(13575)
Link: http://xforce.iss.net/xforce/xfdb/13575
Source: BID
Name: 8958
Link: http://www.securityfocus.com/bid/8958
Source: OSVDB
Name: 2754
Link: http://www.osvdb.org/2754
Source: SECUNIA
Name: 10122
Link: http://secunia.com/advisories/10122
