Mambo开源Itemid参数跨站脚本漏洞

31次阅读
没有评论

Mambo开源Itemid参数跨站脚本漏洞

漏洞ID 1107687 漏洞类型 跨站脚本
发布时间 2004-02-05 更新时间 2005-10-20
Mambo开源Itemid参数跨站脚本漏洞CVE编号 CVE-2004-2072
Mambo开源Itemid参数跨站脚本漏洞CNNVD-ID CNNVD-200412-548
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/23657
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-548
|漏洞详情
MamboOpenSource4.6或可能早期版本的index.php存在跨站脚本(XSS)漏洞。远程攻击者可以借助Itemid参数执行其它客户端脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/9588/info

It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of 'index.php' script.

Mambo Open Source version 4.6 has been reported to be prone to this issue, however, other versions may be affected has well.

http://www.example.com/index.php?option=content&task=view&id=1&Itemid="><script>alert(document.domain);</script>
|参考资料

来源:XF
名称:mambo-itemid-xss(15062)
链接:http://xforce.iss.net/xforce/xfdb/15062
来源:www.systemsecure.org
链接:http://www.systemsecure.org/advisories/ssadvisory06022004.php
来源:BID
名称:9588
链接:http://www.securityfocus.com/bid/9588

相关推荐: Sendmail decode alias信息修改漏洞

Sendmail decode alias信息修改漏洞 漏洞ID 1207619 漏洞类型 未知 发布时间 1996-12-10 更新时间 1996-12-10 CVE编号 CVE-1999-0096 CNNVD-ID CNNVD-199612-007 漏洞平…

正文完
 0