JelSoft VBulletin ForumDisplay.PHP跨站脚本漏洞

JelSoft VBulletin ForumDisplay.PHP跨站脚本漏洞

漏洞ID 1107796 漏洞类型 跨站脚本
发布时间 2004-03-16 更新时间 2005-10-20
图片[1]-JelSoft VBulletin ForumDisplay.PHP跨站脚本漏洞-安全小百科CVE编号 CVE-2004-1823
图片[2]-JelSoft VBulletin ForumDisplay.PHP跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200412-323
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23823
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-323
|漏洞详情
JelsoftvBulletin2.0beta3至3.0can4版本存在多个跨站脚本(XSS)漏洞。远程攻击者借助(1)showthread.php的page参数或者(2)forumdisplay.php的order参数注入任意web脚本或者HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/9889/info

It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'showthread.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks. 

Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/showthread.php?t=[VID]&page=[INT][XSS]
|参考资料

来源:SECUNIA
名称:11142
链接:http://secunia.com/advisories/11142
来源:XF
名称:vbulletin-showthread-xss(15495)
链接:http://xforce.iss.net/xforce/xfdb/15495
来源:BID
名称:9889
链接:http://www.securityfocus.com/bid/9889
来源:BID
名称:9888
链接:http://www.securityfocus.com/bid/9888
来源:BUGTRAQ
名称:20040316JelSoftvBulletinMultipleXSSVulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107945556112453&w;=2
来源:OSVDB
名称:4311
链接:http://www.osvdb.org/4311
来源:OSVDB
名称:4310
链接:http://www.osvdb.org/4310
来源:SECTRACK
名称:1009440
链接:http://securitytracker.com/id?1009440

相关推荐: EFTP Directory Traversal Vulnerability

EFTP Directory Traversal Vulnerability 漏洞ID 1102665 漏洞类型 Input Validation Error 发布时间 2001-12-13 更新时间 2001-12-13 CVE编号 N/A CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享