SCT Campus Pipeline电子邮件附件脚本注入漏洞

SCT Campus Pipeline电子邮件附件脚本注入漏洞

漏洞ID 1107880 漏洞类型 跨站脚本
发布时间 2004-04-15 更新时间 2005-10-20
图片[1]-SCT Campus Pipeline电子邮件附件脚本注入漏洞-安全小百科CVE编号 CVE-2004-1935
图片[2]-SCT Campus Pipeline电子邮件附件脚本注入漏洞-安全小百科CNNVD-ID CNNVD-200404-033
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/24008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-033
|漏洞详情
SCTCampusPipeline存在跨站脚本(XSS)漏洞。远程攻击者可以通过电子邮件附件中的onload,onmouseover以及其他Javascript事件注入任意的web脚本或者HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/10154/info

It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email documents.

This issue may allow a remote attacker to gain control of an unsuspecting user's email account; by executing specific script code an attacker can manipulate the victim's email account. It may be possible for an attacker to steal cookie based authentication credentials as well, and due to the integrated nature of this software this may potentially lead to further compromise of the victim's account. It should be noted that this has not been confirmed.

To delete the current email message:
<html><body onload=?deleteMessage()?></body><html>

This exploit will open a new email message with attacker-supplied text:
<html><body
onload="location.replace('http://www.example.com/cp/email/composeBody?function=new&[email protected]&subject=I
love you matt&body=I was owned by matt')"></body></html>

Site redirection:
<html><body onload="location.replace('http://www.example.com/attackerSpecified.html')">
</body></html>
|参考资料

来源:BID
名称:10154
链接:http://www.securityfocus.com/bid/10154
来源:SECUNIA
名称:11396
链接:http://secunia.com/advisories/11396
来源:XF
名称:sct-campus-attachment-xss(15878)
链接:http://xforce.iss.net/xforce/xfdb/15878
来源:BUGTRAQ
名称:20040415SCTjavascriptexecutionvulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108207280917231&w;=2

相关推荐: TrACESroute 格式化字符串漏洞

TrACESroute 格式化字符串漏洞 漏洞ID 1203813 漏洞类型 格式化字符串 发布时间 2002-10-04 更新时间 2005-05-02 CVE编号 CVE-2002-1051 CNNVD-ID CNNVD-200210-014 漏洞平台 N…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享