PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities


Vulnerability ID: 1107797 Vulnerability type: Cross-site scripting
Published: 2004-03-15 Updated: 2005-10-20
CVE ID: CVE-2004-1817
CNNVD-ID: CNNVD-200403-057
Platform: PHP CVSS score: 4.3
|Source
https://www.exploit-db.com/exploits/23814
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-057
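|Details
modules.php in PHP-Nuke 7.1.0 contains cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via the (1) YourName field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) query field.
|Exploit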
source: http://www.securityfocus.com/bid/9879/info

It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
http://www.example.com/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x
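
A log check for the two request patterns shown above, as an added example that is not part of the original advisory: it URL-decodes `fname` and `ratenum` on requests to `modules.php` and flags values that carry HTML metacharacters. The sample log lines are constructed, and treating `ratenum` as numeric-only is an assumption; the other listed fields can be added to `WATCHED_PARAMS` once their request parameter names are confirmed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's two example URLs.
WATCHED_PARAMS = {"fname", "ratenum"}
MARKUP = re.compile(r"[<>\"']")  # characters that must be encoded in HTML output
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return (param, decoded value) pairs in a modules.php request that look injected."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/modules.php"):
        return []
    hits = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        name = key.lower()
        if name not in WATCHED_PARAMS:
            continue
        # Assumption: ratenum is meant to be a plain integer.
        non_numeric = name == "ratenum" and value != "" and not value.isdigit()
        if non_numeric or MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (line number, param, decoded value) for every flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings.extend((number, k, v) for k, v in suspicious_params(match.group(1)))
    return findings

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2004:10:00:01 +0000] "GET /nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=Alice HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Mar/2004:10:00:07 +0000] "GET /nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=%3E%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [15/Mar/2004:10:01:12 +0000] "GET /nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=10&ratetype=x HTTP/1.1" 200 8100',
    '192.0.2.13 - - [15/Mar/2004:10:01:40 +0000] "GET /nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=%3E%3Ci%3Ex%3C%2Fi%3E&ratetype=x HTTP/1.1" 200 8230',
    '192.0.2.14 - - [15/Mar/2004:10:02:03 +0000] "GET /nuke71/index.php?fname=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```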
|References

Source: XF
Name: phpnuke-multiple-parameters-xss(15491)
Link: http://xforce.iss.net/xforce/xfdb/15491
Source: BID
Name: 9879
Link: http://www.securityfocus.com/bid/9879
Source: SECUNIA
Name: 11135
Link: http://secunia.com/advisories/11135
Source: BUGTRAQ
Name: 20040315[waraxe-2004-SA#005-XSSinPhp-Nuke7.1.0-part2]
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107937752811633&w=2
