ZyXEL ZyWALL 10管理接口跨站脚本漏洞

ZyXEL ZyWALL 10管理接口跨站脚本漏洞

漏洞ID 1107619 漏洞类型 跨站脚本
发布时间 2004-01-06 更新时间 2005-10-20
图片[1]-ZyXEL ZyWALL 10管理接口跨站脚本漏洞-安全小百科CVE编号 CVE-2004-1789
图片[2]-ZyXEL ZyWALL 10管理接口跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200412-353
漏洞平台 Hardware CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23527
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-353
|漏洞详情
ZyWALL104.07版本的web管理接口存在跨站脚本(XSS)漏洞。远程攻击者可以借助rpAuth_1页注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/9373/info

ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</script>
|参考资料

来源:XF
名称:zywall-xss(14163)
链接:http://xforce.iss.net/xforce/xfdb/14163
来源:BID
名称:9373
链接:http://www.securityfocus.com/bid/9373
来源:BUGTRAQ
名称:20040106ZyXEL10OFZyWALLSeriesRouterCrossSiteScriptingVulnerabillity
链接:http://www.securityfocus.com/archive/1/349085
来源:OSVDB
名称:3443
链接:http://www.osvdb.org/3443
来源:SECTRACK
名称:1008644
链接:http://securitytracker.com/id?1008644
来源:OSVDB
名称:12793
链接:http://www.osvdb.org/12793
来源:SECUNIA
名称:10574
链接:http://secunia.com/advisories/10574

相关推荐: Zebra及quagga服务拒绝漏洞

Zebra及quagga服务拒绝漏洞 漏洞ID 1202264 漏洞类型 资源管理错误 发布时间 2003-12-15 更新时间 2003-12-15 CVE编号 CVE-2003-0858 CNNVD-ID CNNVD-200312-036 漏洞平台 N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享