Fastream NetFile Error Message Cross-Site Scripting (XSS) Vulnerability


Vulnerability ID: 1107549
Vulnerability type: Cross-site scripting
Published: 2003-10-28
Updated: 2005-10-20
CVE: CVE-2003-1151
CNNVD-ID: CNNVD-200310-083
Platform: Multiple
CVSS score: 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/23307
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-083
|Vulnerability details
Fastream NETFile Server 6.0.3.588 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the requested URL, which is reflected unescaped in the "404 Not Found" error page.
|Exploit
source: http://www.securityfocus.com/bid/8908/info

It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur in the "404 Not Found" error message returned to the user after a request for a URL that does not exist. The error message reportedly contains the bad URL without proper sanitization, allowing an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

NetFile FTP/Webserver Version 6.0.3.588 has been reported to be prone to this issue; however, other versions may be affected as well.

http://www.example.com/<script>alert("bang")</script>
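As an added example written for this page (not code from the advisory or from Fastream), the reflecting 404 handler the advisory describes beside a hardened version that HTML-escapes the requested path, plus a check over constructed access-log lines that flags 404 responses whose request path carries markup. The page template, log lines and function names are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed request paths, modelled on the advisory's PoC URL (not real traffic).
BENIGN_PATH = "/reports/2003.txt"
XSS_PATH = '/<script>alert("bang")</script>'

# Assumed skeleton of a 404 page that reflects the requested URL back to the client.
TEMPLATE = "<html><body><h1>404 Not Found</h1><p>The URL {url} was not found.</p></body></html>"


def not_found_vulnerable(path: str) -> str:
    """Builds the 404 page the way the advisory describes: the bad URL is
    echoed verbatim, so any markup in it is rendered by the browser."""
    return TEMPLATE.format(url=path)


def not_found_hardened(path: str) -> str:
    """Same page, but the path is HTML-escaped before it is reflected;
    quote=True also escapes quotes so the value is inert inside attributes."""
    return TEMPLATE.format(url=html.escape(path, quote=True))


# Common Log Format request/status fields: ... "GET /path HTTP/1.0" 404 173
_CLF_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_404s(log_lines):
    """Returns the decoded request paths of 404 responses whose path carries
    markup characters, i.e. requests that would hit the reflecting error page."""
    hits = []
    for line in log_lines:
        m = _CLF_RE.search(line)
        if not m or m.group("status") != "404":
            continue
        path = unquote(m.group("path"))  # undo %3C / %3E so encoded tags are seen
        if "<" in path or ">" in path:
            hits.append(path)
    return hits


# Constructed access-log lines (Common Log Format) for the check above.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Oct/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.5 - - [28/Oct/2003:10:00:01 +0000] "GET /missing.txt HTTP/1.0" 404 173',
    '10.0.0.5 - - [28/Oct/2003:10:00:02 +0000] "GET /%3Cscript%3Ealert(%22bang%22)%3C/script%3E HTTP/1.0" 404 210',
]
```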
|References

Source: XF
Name: fastream-nonexistent-url-xss(13535)
Link: http://xforce.iss.net/xforce/xfdb/13535
Source: BID
Name: 8908
Link: http://www.securityfocus.com/bid/8908
Source: BUGTRAQ
Name: 20031028 Fastream NetFile FTP/Web Server 6.0 CSS Vulnerability
Link: http://www.securityfocus.com/archive/1/342678
Source: OSVDB
Name: 2732
Link: http://www.osvdb.org/2732
Source: SECTRACK
Name: 1008020
Link: http://securitytracker.com/id?1008020
Source: SECUNIA
Name: 10099
Link: http://secunia.com/advisories/10099
