Mambo Open Source Itemid Parameter Cross-Site Scripting Vulnerability


Vulnerability ID: 1107687
Vulnerability type: Cross-site scripting
Published: 2004-02-05
Updated: 2005-10-20
CVE ID: CVE-2004-2072
CNNVD-ID: CNNVD-200412-548
Platform: PHP
CVSS score: 6.8
|Vulnerability source
https://www.exploit-db.com/exploits/23657
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-548
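|Vulnerability details
index.php in Mambo Open Source 4.6, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. A remote attacker can use the Itemid parameter to execute other client-side script.
|Exploit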
source: http://www.securityfocus.com/bid/9588/info

It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of 'index.php' script.

Mambo Open Source version 4.6 has been reported to be prone to this issue; however, other versions may be affected as well.

http://www.example.com/index.php?option=content&task=view&id=1&Itemid="><script>alert(document.domain);</script>
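
A defender can look for this pattern in web server logs. The following is an added example, not part of the advisory or of Mambo's code: it flags requests to index.php whose Itemid value is not a plain integer, assuming that Itemid legitimately carries only a numeric menu item id and that the server writes combined-format access logs. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from the advisory or a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2004:10:00:01 +0000] "GET /index.php?option=content&task=view&id=1&Itemid=27 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Feb/2004:10:00:09 +0000] "GET /index.php?option=content&task=view&id=1&Itemid=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [05/Feb/2004:10:00:15 +0000] "GET /index.php?option=content&id=1&itemid=%2522%253E%253Cscript%253E HTTP/1.1" 200 5150',
    '192.0.2.10 - - [05/Feb/2004:10:00:20 +0000] "GET /images/logo.png?Itemid=x HTTP/1.1" 200 812',
]

def bad_itemid_values(target):
    """Return the Itemid values in a request target that are not plain integers."""
    parts = urlsplit(target)
    # The advisory names index.php; a bare "/" is normally served by it as well.
    if not parts.path.lower().endswith(("/", "index.php")):
        return []
    bad = []
    # parse_qsl percent-decodes once; keep_blank_values keeps an empty "Itemid=".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "itemid":
            continue
        # Decode a second time so double-encoded input (%253C) is judged decoded.
        decoded = unquote(value)
        # An empty value is tolerated; anything else must be ASCII digits only.
        if decoded and not re.fullmatch(r"[0-9]+", decoded):
            bad.append(decoded)
    return bad

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious Itemid found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((number, v) for v in bad_itemid_values(match.group(1)))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric Itemid {value!r}")
```

The same allow-list rule (digits only) is the natural server-side fix: cast or validate Itemid as an integer before it is written into any HTML output.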
|References

Source: XF
Name: mambo-itemid-xss(15062)
Link: http://xforce.iss.net/xforce/xfdb/15062
Source: www.systemsecure.org
Link: http://www.systemsecure.org/advisories/ssadvisory06022004.php
Source: BID
Name: 9588
Link: http://www.securityfocus.com/bid/9588
