Expinion.net Member Management System多个跨站脚本漏洞

Expinion.net Member Management System多个跨站脚本漏洞

漏洞ID 1107810 漏洞类型 跨站脚本
发布时间 2004-03-20 更新时间 2005-10-20
图片[1]-Expinion.net Member Management System多个跨站脚本漏洞-安全小百科CVE编号 CVE-2004-1844
图片[2]-Expinion.net Member Management System多个跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200412-1112
漏洞平台 ASP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23854
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1112
|漏洞详情
MemberManagementSystem2.1版本存在跨站脚本漏洞。远程攻击者借助(1)error.asp的err参数或者(2)register.asp注入任意web脚本或者HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/9932/info
 
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
 
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.

In the register form: "><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>
|参考资料

来源:XF
名称:mms-xss(15552)
链接:http://xforce.iss.net/xforce/xfdb/15552
来源:BID
名称:9932
链接:http://www.securityfocus.com/bid/9932
来源:SECTRACK
名称:1009508
链接:http://securitytracker.com/id?1009508
来源:SECUNIA
名称:11179
链接:http://secunia.com/advisories/11179
来源:BUGTRAQ
名称:20040322VulnerabilitiesinMemberManagementSystem2.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107999697625786&w;=2

相关推荐: Novell GroupWise Wireless Webaccess Insecure Logged Password Vulnerability

Novell GroupWise Wireless Webaccess Insecure Logged Password Vulnerability 漏洞ID 1099742 漏洞类型 Design Error 发布时间 2003-08-01 更新时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享